SID 1806
Msg
"WEB-IIS .htr chunked Transfer-Encoding"
Summary
This event is generated when an attempt is made to exploit a buffer overflow associated with chunked encoding processing of HTR in Internet Information Services (IIS).
Classtype
web-application-attack
Impact
Remote Access. If the exploit is successful, an attacker can gain remote access of the target host.
Detailed Information
A buffer overflow exists with chunked encoding processing associated with HTR in IIS. Chunked encoding allows different sized chunks of data to be passed from the web client to the server. HTR is an older scripting language still supported by IIS. A heap overflow vulnerability exists because of an error in chunked encoding data transfer associated with the Internet Services Application Programming Interface (ISAPI) extension that implements HTR.
Affected Systems
- Microsoft IIS 4.0, 5.0
Attack Scenarios
An attacker can craft a chunked encoded request to exploit the heap overflow.
Ease Of Attack
Moderate. Microsoft advises that this heap overflow is not as difficult to exploit as others.
False Positives
None Known.
False Negatives
None Known.
Contributors
- Original rule written by Brian Caswell
- Sourcefire Vulnerability Research Team
- Judy Novak
