- Quick specs
- Price: Free
- Operating system: Windows 95, Windows 2000, Windows NT, Windows 98
- Date added: July 21, 2000
- Total Downloads: 7,158
- Downloads last week: 20
A newer version of IIS4 Absent Directory Browser Argument Vulnerability Patch is available.
Download the latest version | Learn more about Microsoft IIS4 File Fragment Reading via HTR Vulnerability Patch MS01-004
Publisher's description
From Microsoft:
"There are two vulnerabilities at issue:
- The 'Absent Directory Browser Argument' vulnerability. An administrative script installed as part of IIS 3.0 but preserved on upgrade to IIS 4.0 or IIS 5.0 does not correctly handle the case where an expected argument is missing. The absence of the argument causes the script to go into an infinite loop, at which point the script consumes all CPU resources on the server. In addition, the permissions on this tool and several related ones, which were appropriate under IIS 3.0, are inappropriate under IIS 4.0 and 5.0. This could allow web site visitors to use these tools, which provide the ability to view the directory structure on the server.
- A new variant on the 'File Fragment Reading via .HTR' vulnerability. The original version of this vulnerability was discussed in Microsoft Security Bulletin MS00-031. The new vulnerability differs only in the specific way that it could be exploited; like the original version, the effect of the vulnerability is that fragments of .ASP and other files could potentially be retrieved from the server. As in the original version, the mechanics of the new variant make it likely that the parts of an .ASP file most interesting to a malicious user would be stripped out.
Note: The patch should only be installed by customers who have a business-critical need for the .HTR functionality. Microsoft recommends that all other customers disable the .HTR functionality altogether, as discussed in the FAQ. Customers who choose to install the patch should also strengthen the permissions on the /scripts/iisadmin folder in each web site on the server, and ensure that only administrators can access it."

