Alnini.comUtilities » Security & Encryption » Microsoft IIS4 File Fragment Reading via HTR Vulnerability Patch
  

Microsoft IIS4 File Fragment Reading via HTR Vulnerability Patch MS01-004


This patch eliminates a security vulnerability in Microsoft Internet Information Service. The vulnerability could allow enable an attacker, under very unusual conditions, to read fragments of files from a Web server.

This vulnerability involves a new variant of the "File Fragment Reading via .HTR" vulnerability. Like the original variants, this one could enable an attacker to request a file in a way that would cause it to be processed by the HTR ISAPI extension. The result of doing this is that fragments of server-side files such as ASP files could potentially be sent to the attacker. There is no capability via the vulnerability to add, change, or delete files on the server, or to access a file without permissions.

Customers who have previously disabled the HTR functionality would not be affected by this vulnerability. Microsoft recommends that all customers who haven't already disabled HTR do so, unless there is a business-critical reason for keeping it. Frequently asked questions regarding this vulnerability can be found here.

Note: This patch can be applied to systems running Windows NT 4.0 Service Packs 5 and 6a. It will be included in Service Pack 7.

Publisher:

File size:

95KB

Date added:

16/02/2001

Licence:

Free

Requirements:

Windows NT, Microsoft Internet Information Server 4.0

Un/Install:

No

Downloads:

1,507

Download Now!

See Also

Folder Lock 4.375

Lock, hide, and password-protect personal files, folders, and pictures from other users of your PC.

Primedius Firewall Lite 1.62

Prevent intrusions into your PC by hackers, spyware, and adware.

Real Spy Monitor 2.07

Monitor all keystrokes, programs used, and Web sites visited on a PC.

Partners
• 

RSS | FAQ |

Links | Maestro

Copyright © 2004-2023 Alnini, Inc. All Rights Reserved. Privacy Policy | Terms of UseGeneration time: 0.02 | SQL queries: 8