Microsoft IIS Source Fragment Disclosure

medium Nessus Plugin ID 10680

Synopsis

The remote web server is affected by an information disclosure vulnerability.

Description

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending '+.htr' to a request for a known '.asp' (or '.asa', '.ini', 'etc') file.

Solution

.htr script mappings should be removed if not required.

- open Internet Services Manager
- right click on the web server and select properties
- select WWW service | Edit | Home Directory | Configuration
- remove the application mappings reference to .htr

If .htr functionality is required, install the relevant patches from Microsoft (MS01-004).

See Also

https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2001/ms01-004

Plugin Details

Severity: Medium

ID: 10680

File Name: iis_frag_disclosure.nasl

Version: 1.49

Type: remote

Family: Web Servers

Published: 5/29/2001

Updated: 5/28/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Required KB Items: www/ASP

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 1/14/1999

Reference Information

CVE: CVE-2000-0457, CVE-2000-0630

BID: 1193, 1488

CERT: 35085

MSFT: MS01-004

MSKB: 285985