HTR Files Expose ASP File Content on IIS

Reported January 29, 2001, by Microsoft.

VERSIONS AFFECTED

  • Internet Information Server 4.0

  • Internet Information Server 5.0 

DESCRIPTION

Microsoft has issued a patch for a new variation of the “File Fragment Reading via .HTR” vulnerability. A malicious user can use this vulnerability to read .asp files.

VENDOR RESPONSE

Microsoft has released a security bulletin, MS01-004. Microsoft recommends that users disable .htr functionality and not store sensitive information on a Web server.

CREDIT
Discovered by Microsoft.

 

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish