Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

Test Microsoft IIS Source Fragment Disclosure

Severity

High

Family

Remote file access

CVSSv2 Base

7.5

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Solution Type

Vendor Patch

Created

18 years ago

Modified

5 years ago

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending +.htr to a request for a known .asp (or .asa, .ini, etc) file.

Solution

.htr script mappings should be removed if not required. - open Internet Services Manager - right click on the web server and select properties - select WWW service > Edit > Home Directory > Configuration - remove the application mappings reference to .htr If .htr functionality is required, install the relevant patches from Microsoft (MS01-004)

Common Vulnerabilities and Exposures (CVE)

References

http://www.microsoft.com/technet/security/bulletin/MS01-004.mspx

Free and open-source vulnerability scanner

Available for macOS, Windows, and Linux

Test Microsoft IIS Source Fragment Disclosure

Information

Severity

Severity

Family

Family

CVSSv2 Base

CVSSv2 Base

CVSSv2 Vector

CVSSv2 Vector

Solution Type

Solution Type

Created

Created

Modified

Modified

Share

Summary

Solution

Solution

Common Vulnerabilities and Exposures (CVE)

References