Rapid7 Vulnerability & Exploit Database

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Exploit

Back to Search

Microsoft IIS 4.0/5.0 Source Fragment Disclosure Exploit

Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
07/17/2000
Created
07/25/2018
Added
11/01/2004
Modified
12/04/2013

Description

Microsoft IIS 4.0 and 5.0 can be made to disclose fragments of source code which should otherwise be inaccessible. This is done by appending "+.htr" to a request for a known .asp (or .asa, .ini, etc) file.

Appending this string causes the request to be handled by ISM.DLL, which then strips the +.htr string and may disclose part or all of the source of the .asp file specified in the request. There has been a report that source will be displayed up to the first '<%' encountered. '<%' and '%>' are server-side script delimiters. Pages which use the <script runat=server></script> delimiters instead will display the entire source, or up to any '<%' in the page.

This vulnerability is a variant of a previously discovered vulnerability, BugTraq ID 1193.

Solution(s)

  • http-iis-0020

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;