Reported January 29, 2001, by Microsoft.
VERSIONS AFFECTED
- Internet Information Server 4.0
- Internet Information Server 5.0
DESCRIPTION
Microsoft has issued a patch for
a new variation of the “File Fragment Reading via .HTR” vulnerability. A
malicious user can use this vulnerability to read .asp files.
VENDOR RESPONSE
Microsoft has released a security bulletin, MS01-004. Microsoft recommends that users disable .htr functionality and not store sensitive information on a Web server.
CREDIT
Discovered by
Microsoft.
0 comments
Hide comments