GEN:SID 1:1725
Message WEB-IIS +.htr code fragment attempt
Summary This event is generated when an attempt is made to disclose the contents of an Active Server Page (ASP) using a malformed HTR request.
Impact Information gathering.  Fragments of the source code of an ASP may be returned possibly disclosing sensitive information.
Detailed Information HTR is an older scripting language still supported by Internet Information Service (IIS).  HTR requests are preocessed by ISM.DLL that improperly evaluates malformed HTR requests.  This may disclose parts of the source code associated with a .asp file referenced in the request.
Affected Systems Microsoft IIS 4.0, 5.0
Attack Scenarios An attacker can craft a malformed request to disclose source code possibly revealing sensitive information.
Ease of Attack Simple.
Corrective Action Apply the patch referenced in the Microsoft link.

Consider running the IIS Lockdown Tool to disable HTR functionality.
Additional References CVE
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0063

Bugtraq
http://www.securityfocus.com/bid/1488

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
Rule References cve: 2000-0630
bugtraq: 1488
nessus: 10680
url: www.microsoft.com/technet/security/bulletin/MS00-044.mspx