It was discovered that Keep-Alive HTTP connections cause the rewrite filter to leak memory until the connection is closed. This is because the memory allocated by the AllocMem function of HTTP_FILTER_CONTEXT, is only released when the connection closes (see http://msdn.microsoft.com/en-us/library/ms525115%28v=vs.90%29.aspx
). Therefore no memory is released until the connection is closed. This creates a denial of service vulnerability.