Intrusion Prevention

MS.IIS.File.Fragment.Disclosure

Description

This indicates an attack attempt against a fragment disclosure vulnerability in IIS.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to read the source code from executable web server programs by appending "%3F+.htr" to the requested URL.

Affected Products

Microsoft IIS 5.0
Microsoft IIS 4.0

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

CVE References

CVE-2001-0004