Microsoft IIS .HTR ISAPI Filter Enabled

High Nessus Plugin ID 10932


The remote web server is affected by a buffer overflow vulnerability.


The IIS server appears to have the .HTR ISAPI filter mapped.

At least one remote vulnerability has been discovered for the .HTR filter. This is detailed in Microsoft Advisory MS02-018, and gives remote SYSTEM level access to the web server.

It is recommended that, even if you have patched this vulnerability, you unmap the .HTR extension and any other unused ISAPI extensions if they are not required for the operation of your site.


Apply the patch referenced above.

See Also

Plugin Details

Severity: High

ID: 10932

File Name: iis_htr_isapi.nasl

Version: $Revision: 1.35 $

Type: remote

Family: Web Servers

Published: 2002/04/10

Modified: 2017/08/30

Dependencies: 11919, 10107, 17975, 10386

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:microsoft:iis

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2002/04/10

Exploitable With

Metasploit (MS02-018 Microsoft IIS 4.0 .HTR Path Overflow)

Reference Information

CVE: CVE-2002-0071

BID: 4474

OSVDB: 3325

MSFT: MS02-018

MSKB: 319733