MS.IIS.File.Fragment.Disclosure
Description
This indicates an attack attempt against a fragment disclosure vulnerability in IIS.
The vulnerability is caused by an error when the vulnerable software handles a specially crafted URL. It allows a remote attacker to read the source code from executable web server programs by appending "%3F+.htr" to the requested URL.
Affected Products
Microsoft IIS 5.0
Microsoft IIS 4.0
Impact
Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.
Recommended Actions
Apply patch:
http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |