Microsoft IIS .HTR ISAPI Filter Enabled

This script is Copyright (C) 2002-2014 Tenable Network Security, Inc.


Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The IIS server appears to have the .HTR ISAPI filter mapped.

At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.

It is recommended that, even if you have patched this vulnerability,
you unmap the .HTR extension and any other unused ISAPI extensions
if they are not required for the operation of your site.

See also :

http://technet.microsoft.com/en-us/security/bulletin/ms02-018
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0013.html

Solution :

Apply the patch referenced above.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10932 (iis_htr_isapi.nasl)

Bugtraq ID: 4474

CVE ID: CVE-2002-0071