This script is Copyright (C) 2001-2013 Pedro Antonio Nieto Feijoo
The remote web server is affected by an information disclosure
Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source
code which should otherwise be inaccessible. This is done by appending
'+.htr' to a request for a known '.asp' (or '.asa', '.ini', 'etc')
See also :
.htr script mappings should be removed if not required.
- open Internet Services Manager
- right click on the web server and select properties
- select WWW service | Edit | Home Directory | Configuration
- remove the application mappings reference to .htr
If .htr functionality is required, install the relevant patches
from Microsoft (MS01-004).
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 3.7