Internet Security Systems

IIS malformed .HTR request

advICE : Intrusions : 2002559
Summary

An attempt has been made to compromise the server via the .HTR buffer overflow.

Details

This bug was first discovered in June 1999. It has since become one of the most popular ways of breaking into Windows NT web servers. It is popular because the default installation of IIS4 creates this vulnerability, and most people do not "harden" their servers.

Defense

Follow the Microsoft bulletin below to disable the mapping for the .HTR, .STM, and .IDC extensions. Another possibility is to remove the ISM.DLL ISAPI extension. If these services are needed, apply the latest patches to fix the bug.

More information

Microsoft Advisory
BugtraqID: 307 - NT IIS4 Buffer Overflow Vulnerability. Affects systems using the .HTR, .STM, or .IDC extensions.
mskb: Q234905
CIAC: J-048 - Malformed HTR Request Vulnerability
CVE-1999-0874 - Buffer overflow in IIS .HTR, .IDC, or .STM extensions.
MS Bulletin: MS99-019

Parametric information

URL: The suspicious URL.
accessed: Indicates whether the URL was successfully accessed.
code: The HTTP return code.
arg: The argument to the GET command (if any).
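
A server operator can pull the same four fields out of web server logs to see which requests reached the extensions named under Defense. The script below is an added example, not part of the original advisory or any ISS product. It assumes logs in W3C extended format with a `#Fields:` header, uses constructed sample lines, and treats the 64-character path threshold and the "2xx/3xx means accessed" rule as assumptions.

```python
# Added example: triage IIS W3C extended logs for the extensions this advisory names.
# Constructed sample data; the length threshold is an assumption, not from the advisory.
RISKY_EXT = (".htr", ".stm", ".idc")
MAX_STEM = 64  # assumed triage threshold for "unusually long" paths

SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
1999-06-16 10:00:01 192.0.2.10 GET /default.htm - 200
1999-06-16 10:00:05 192.0.2.77 GET /{long}.htr - 500
1999-06-16 10:00:09 192.0.2.10 GET /pw/change.htr user=bob 200
1999-06-16 10:00:12 192.0.2.33 GET /scripts/report.IDC - 404
""".replace("{long}", "A" * 300)


def scan(log_text, max_stem=MAX_STEM):
    """Return one record per request to a risky extension."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for following rows
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if not stem.lower().endswith(RISKY_EXT):
            continue
        status = row.get("sc-status", "")
        code = int(status) if status.isdigit() else 0
        query = row.get("cs-uri-query", "-")
        hits.append({
            "client": row.get("c-ip"),
            "url": stem if len(stem) <= 60 else stem[:57] + "...",
            "accessed": 200 <= code < 400,  # assumption: 2xx/3xx means served
            "code": code,
            "arg": None if query == "-" else query,
            "oversized": len(stem) > max_stem,
        })
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit on a server where these mappings are supposed to be disabled is worth a look, since it shows the extension is still being requested and what the server returned.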

 
Version appeared: 1.8.5.5 
