HTTP: IIS .htr Heap Overflow Scanner Probe

This signature detects reconnaissance attempts against Microsoft IIS 4.0 and 5.0. Attackers can use iischeck.pl to determine whether an IIS server is vulnerable to a heap overflow in .htr parsing. Attackers can obtain and use sensitive information to plan future, more targeted attacks.

Extended Description

A heap overflow condition in the 'chunked encoding transfer mechanism' related to the ISAPI HTR extension has been discovered in Microsoft IIS (Internet Information Services). This condition affects IIS 4.0 and IIS 5.0. Exploitation of this vulnerability may result in a denial of service or allow for a remote attacker to execute arbitrary instructions on the victim host.

Affected Products

Microsoft windows_nt_terminal_server

References

BugTraq: 4855

CVE: CVE-2002-0364

Short Name
HTTP:IIS:IISCHECK-PROBE
Severity
Warning
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
.htr CVE-2002-0364 Heap IIS Overflow Probe Scanner bid:4855
Release Date
04/25/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3375
False Positive
Unknown
Vendors

Microsoft

CVSS Score

7.5
