Microsoft IIS .HTR ISAPI Filter Enabled

This script is Copyright (C) 2002-2014 Tenable Network Security, Inc.

Synopsis :

The remote web server is affected by a buffer overflow vulnerability.

Description :

The IIS server appears to have the .HTR ISAPI filter mapped.

At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.

It is recommended that, even if you have patched this vulnerability,
you unmap the .HTR extension and any other unused ISAPI extensions
if they are not required for the operation of your site.

See also :

Solution :

Apply the patch referenced above.

Risk factor :

High / CVSS Base Score : 7.5
CVSS Temporal Score : 5.9
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 10932 (iis_htr_isapi.nasl)

Bugtraq ID: 4474

CVE ID: CVE-2002-0071

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial