GEN:SID 1:1000
Message WEB-IIS bdir.htr access
Summary This event is generated when an attempt is made to access the bdir.htr file.
Impact Information gathering.  This attack can disclose the directory structure on a vulnerable Internet Information Server(IIS).
Detailed Information A vulnerability is exposed if an upgrade to IIS 4.0 is performed without deleting the remote administration scripts from IIS 3.0. Because of changes to the authentication methods between versions 3.0 and 4.0, these scripts can be accessed directly, and without authentication. An attacker can access one of these scripts, bdir.htr, to disclose the
vulnerable server's directory structure.

Affected Systems IIS 4.0 servers that are upgraded from IIS 3.0.
Attack Scenarios An attacker can craft a URL to access the bdir.htr file, which can disclose the directory structures on the vulnerable server.
Ease of Attack Simple.  
Corrective Action Remove the bdir.htr file if it is not required.
Additional References Bugtraq
http://www.securityfocus.com/bid/2280


Rule References bugtraq: 2280
nessus: 10577