GEN:SID | 1:987 |
Message | WEB-IIS .htr access |
Summary | This event is generated when an attempt is made to disclose the contents of an Active Server Page (ASP) using a malformed HTR request.
|
Impact | Information gathering. Fragments of the source code of an ASP may be returned possibly disclosing sensitive information.
|
Detailed Information | HTR is an older scripting language still supported by Internet Information Service (IIS). HTR requests are preocessed by ISM.DLL that improperly evaluates malformed HTR requests. This may disclose parts of the source code associated with a .asp file referenced in the request.
|
Affected Systems | Microsoft IIS 4.0, 5.0
|
Attack Scenarios | An attacker can craft a malformed request to disclose source code possibly revealing sensitive information.
|
Ease of Attack | Simple.
|
Corrective Action | Apply the patch referenced in the Microsoft link.
Consider running the IIS Lockdown Tool to disable HTR functionality.
|
Additional References | CVE http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0063
Bugtraq http://www.securityfocus.com/bid/1488
Microsoft http://www.microsoft.com/technet/security/bulletin/ms00-031.asp
|
Rule References | bugtraq: 1488
cve: 2000-0630
nessus: 10680
|