VID 22038
Severity 40
Port 80, ...
Protocol TCP
Class WWW
Detailed Description
The IIS server appears to have the .HTR ISAPI filter mapped.
In the default IIS installation, .HTR functionality is enabled. .HTR files are used only for web-based password resets. There is a heap overflow in the server component that handles requests to .HTR files. As with most heap overflows, it can be used to execute arbitrary machine code. In the default installation, this results in remote code execution in the IUSR_machine security context. This is detailed in Microsoft Advisory MS02-018.

Affected Software:
Microsoft Internet Information Server 4.0
Microsoft Internet Information Services 5.0
Microsoft Internet Information Services 5.1

References:
http://www.microsoft.com/technet/security/bulletin/ms02-018.asp
http://online.securityfocus.com/archive/1/267048
Recommendation
Upgrade to IIS 6.0 or later.

-- OR --

Even if you have patched this vulnerability, we recommend that you unmap the .HTR extension, and any other unused ISAPI extensions if they are not required for the operation of your site.

To unmap the .HTR extension:
1. Open Internet Services Manager.
2. Right-click the Web server and choose Properties from the context menu.
3. Select Master Properties.
4. Select WWW Service -> Edit -> Home Directory -> Configuration and remove the reference to .htr from the list.
Related URL CVE-2002-0071 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)