New Variant of .HTR Vulnerability in IIS Servers

Microsoft recently released a patch for Microsoft IIS 4.0 and 5.0 servers that fixes a new variant of an old vulnerability. This vulnerability, which can occur only under rare conditions, lets attackers view files from the server for which Web users already have permissions and could potentially let users see an Active Server Pages (ASP) page's content. Users who have disabled HTR functionality aren't exposed to the new variant. For more information, including patch availability, go to Microsoft's Web site.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.