Forum - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

Дырка в HTR-файлах IIS
updated since 11.05.2000
Published: 30.01.2001
Source: MICROSOFT
SecurityVulns ID: 139
Type: remote
Level: 5/10
Описание: С помощью некорректного запроса к HTR-файлу можно подвесить обрарбатывающий его ISAPI фильтр. Кроме того, через HTR ISAPI (ISM.DLL) можно получить фрагменты некоторых файлов.

Affected: MICROSOFT : Internet Information Server 4.0
MICROSOFT : Internet Information Server 5.0

Original document MICROSOFT, Security Bulletin (MS01-004) (30.01.2001)

Georgi Guninski, IIS 5.0 allows viewing files using %3F+.htr (10.01.2001)

Cerberus Security Team, Alert: IIS ism.dll exposes file contents (12.05.2000)

X-FORCE, ISSalert: Internet Security Systems Security Advisory: Microsoft IIS Remote Denial of Service Attack (12.05.2000)

document MICROSOFT, Security Bulletin (MS00-031) (11.05.2000)

Files: IIS 4.0 HTR vulnerability patch
IIS 5.0 HTR vulnerability patch
BugTraq ID: 1191
BugTraq ID: 1193
Discuss: Read or add your comments to this news (0 comments)

Show		Threads
		Messages


Login:*		(Register)
Password:*
(private)	To:
(reply)	Subject:*
Text:

Main Forum (Eng) General security questions not appropriate for another forums.	3proxy Forum (Eng) All 3proxy question must be posted to this forum.	Bugs, Vulnerabilities, PoCs and Exploits (Eng) All vulnerability related questions, vulnerability digging and exploit creation.	Windows programming and administration (Eng) Administering Windows and application development.	Unix programming and administation (Eng) Administering Unix and application development.	Test forum Please post all test messages here. All test messages from different forums will be deteted.
Main Forum (Rus)	3proxy Forum (Rus)	Bugs, Vulnerabilities, PoCs and Exploits (Rus)	Windows programming and administration (Rus)	Unix programming and administation (Rus)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod