Rapid7 Vulnerability & Exploit Database

Microsoft IIS HTR Chunked Transfer Encoding Heap Overflow

Back to Search

Microsoft IIS HTR Chunked Transfer Encoding Heap Overflow

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
07/03/2002
Created
07/25/2018
Added
11/01/2004
Modified
12/04/2013

Description

A buffer overrun vulnerability involving the operation of the chunked encoding transfer mechanism via HTR scripts in IIS 4.0 and 5.0. An attacker who exploited this vulnerability could overrun heap memory on the system, with the result of either causing the IIS service to fail or allowing code to be run on the server.

Solution(s)

  • http-iis-0064

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;