This script is Copyright (C) 2001-2016 Pedro Antonio Nieto Feijoo
The remote web server is affected by an information disclosure
Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source
code which should otherwise be inaccessible. This is done by appending
'+.htr' to a request for a known '.asp' (or '.asa', '.ini', 'etc')
See also :
.htr script mappings should be removed if not required.
- open Internet Services Manager
- right click on the web server and select properties
- select WWW service | Edit | Home Directory | Configuration
- remove the application mappings reference to .htr
If .htr functionality is required, install the relevant patches
from Microsoft (MS01-004).
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7
Public Exploit Available : true
Family: Web Servers
Nessus Plugin ID: 10680 (iis_frag_disclosure.nasl)
Bugtraq ID: 11931488
CVE ID: CVE-2000-0457CVE-2000-0630
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.