Features
-
License:
Free
-
Editor's Rating:
Not rated
- Average User Rating:
-
Downloads:
7,271
- Operating Systems:
Windows NT
- Additional Requirements:
Windows NT, Microsoft Internet Information Server 4.0
- Limitations:
No limitations
- Date Added:
February 16, 2001
-
Previous Versions:
Publisher's description of Microsoft IIS4 File Fragment Reading via HTR Vulnerability Patch
From Microsoft:This patch eliminates a security vulnerability in Microsoft Internet Information Service. The vulnerability could allow enable an attacker, under very unusual conditions, to read fragments of files from a Web server.
This vulnerability involves a new variant of the "File Fragment Reading via .HTR" vulnerability. Like the original variants, this one could enable an attacker to request a file in a way that would cause it to be processed by the HTR ISAPI extension. The result of doing this is that fragments of server-side files such as ASP files could potentially be sent to the attacker. There is no capability via the vulnerability to add, change, or delete files on the server, or to access a file without permissions.
Customers who have previously disabled the HTR functionality would not be affected by this vulnerability. Microsoft recommends that all customers who haven't already disabled HTR do so, unless there is a business-critical reason for keeping it. Frequently asked questions regarding this vulnerability can be found here.
CNET Editor's Note: This patch can be applied to systems running Windows NT 4.0 Service Packs 5 and 6a. It will be included in Service Pack 7.
- See more CNET content tagged:
- Microsoft Corp.,
- attacker,
- server,
- vulnerability
More popular Encryption Software downloads
- 58,873 downloads 1. RoboForm
- 10,761 downloads 2. SuperEncryptor
- 5,756 downloads 3. Folder Lock
- 2,546 downloads 4. Eraser
- 2,154 downloads 5. RAR Password Cracker
- See all Encryption Software downloads
User reviews
Write your own review Be the first one to review Microsoft IIS4 File Fragment Reading via HTR Vulnerability Patch MS01-004 and share your experience with the CNET community!
Previous versions: See all user reviews
Submit your review
You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.
All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.
CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.
