Resolution: IIS 4.0/IIS 5.0 vulnerability in requests with very long file names
Vulnerability Description:
Affected version:
Microsoft IIS 5.0
+ Microsoft Windows NT 2000
Microsoft IIS 4.0
+ Microsoft Windows NT 4.0
+ Microsoft BackOffice 4.5
- Microsoft Windows NT 4.0
+ Microsoft BackOffice 4.0
- Microsoft Windows NT 4.0
When a request appends 230 "%20" sequences followed by .htr to a known file name, Microsoft IIS 4.0/5.0 discloses the contents of that file. This is caused by the .htr file extension being mapped to ISM.dll. For example:
http://target/filename%20< Repeat 230 times >.htr
This request only works if it is the first .htr request made, or if ISM.dll is being loaded into memory for the first time.
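A defender's check for the request shape described above, as an added example that is not part of the original advisory: it scans request logs for .htr requests whose file name is padded with a long run of "%20" and reports which file was asked for. The simplified log layout, the threshold of 50 and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: alert well below the 230 repetitions quoted in the advisory,
# because legitimate file names do not end in long runs of encoded spaces.
PAD_THRESHOLD = 50

# Run of encoded (or already decoded) spaces directly before a trailing ".htr".
PAD_BEFORE_HTR = re.compile(r"((?:%20| )+)\.htr$", re.IGNORECASE)
SPACE_TOKEN = re.compile(r"%20| ")
# Hypothetical simplified log layout: client "METHOD target HTTP/x.y" status
LOG_LINE = re.compile(r'^(\S+) "(?:GET|HEAD|POST) (.+) HTTP/\d\.\d" (\d{3})$')

# Constructed sample lines (documentation addresses, placeholder file names).
SAMPLE_LOG = [
    '192.0.2.10 "GET /default.asp HTTP/1.0" 200',
    '192.0.2.77 "GET /filename' + "%20" * 230 + '.htr HTTP/1.0" 200',
    '192.0.2.10 "GET /admin/change.htr HTTP/1.0" 200',
    '192.0.2.10 "GET /my%20%20%20.htr HTTP/1.0" 404',
    '192.0.2.77 "GET /report%20final.HTR?x=1 HTTP/1.0" 404',
]


def scan(lines, threshold=PAD_THRESHOLD):
    """Return (client, requested_file, pad_count, status) per padded .htr request."""
    hits = []
    for line in lines:
        entry = LOG_LINE.match(line)
        if not entry:
            continue  # not a request line in the assumed layout
        client, target, status = entry.groups()
        path = urlsplit(target).path  # drop any query string
        pad = PAD_BEFORE_HTR.search(path)
        if not pad:
            continue
        count = len(SPACE_TOKEN.findall(pad.group(1)))
        if count >= threshold:
            # The text before the padding is the file whose contents were requested.
            hits.append((client, path[: pad.start()], count, int(status)))
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print("padded .htr request: client=%s file=%s pad=%d status=%d" % hit)
```

A hit with status 200 marks a file whose contents may have been returned to the client and is worth reviewing.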
Workaround:
Install Patch:
Microsoft IIS 5.0:
http://download.microsoft.com/download/win2000platform/Patch/Q249599/NT5/EN-US/Q249599_W2K_SP1_X86_en.EXE
Microsoft IIS 4.0:
http://download.microsoft.com/download/iis40/Patch/Q260838/NT4ALPHA/EN-US/ismpst4i.exe