NASLDB: Microsoft IIS .HTR ISAPI Filter Enabled
General
ID: 10932
Name: Microsoft IIS .HTR ISAPI Filter Enabled
Summary: Tests for IIS .htr ISAPI filter
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 80
Family: Web Servers
Type: Remote
Description
The IIS server appears to have the .HTR ISAPI filter mapped.
At least one remote vulnerability has been discovered for the .HTR
filter. This is detailed in Microsoft Advisory
MS02-018, and gives remote SYSTEM level access to the web server.
It is recommended that, even if you have patched this vulnerability,
you unmap the .HTR extension and any other unused ISAPI extensions
if they are not required for the operation of your site.
Exploiting
Exploit Available: True
Exploitability Ease: Exploits are available
Sources
CVE: CVE-2002-0071
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: 2002/04/10
Patch Release: –
Plugin Release: 2002/04/10
Plugin
Version: 1.31
Filename: iis_htr_isapi.nasl
Filesize: 3259 bytes
MD5 Hash: ee60156e6330906f3c0a78252378e22a
Identification: –
Require Keys: –
Dependencies: "find_service1.nasl", "no404.nasl", "http_version.nasl", "www_fingerprinting_hmap.nasl"
Copyright: This script is Copyright© 2002-2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack