2 matches found
Microsoft Internet Information Server (IIS) contains remote buffer overflow in chunked encoding data transfer mechanism for HTR
Overview A buffer overflow vulnerability in IIS 4.0 and 5.0 could allow an intruder to execute arbitrary code on an IIS server with the privileges of the HTR ISAPI extension. Description Chunked encoding is a means to transfer variable-sized units of data called chunks from a web client to a web...
CVE-2001-0004
This CVE concerns IIS 4.0/5.0 where an attacker can cause the server to disclose file contents by sending a crafted GET request that appends %3F+.htr, causing the target file to be parsed as an .HTR ISAPI extension. Impact: unauthenticated remote disclosure of potentially sensitive files within t...