VULHUB ™

The virtual directory within IIS 4.0 and 5.0 contains .htr files which permits users to change passwords remotely. If a user initiates a password change request containing malformed data, the server CPU becomes fully utilized until the administrator performs a reboot to regain normal functionality. The patch available for this issue creates a similar vulnerability which is exploited by appending %3F+.htr to a request.

The virtual directory within IIS 4.0 and 5.0 contains .htr files which permits users to change passwords remotely. If a user initiates a password change request containing malformed data, the server CPU becomes fully utilized until the administrator performs a reboot to regain normal functionality. The patch available for this issue creates a similar vulnerability which is exploited by appending %3F+.htr to a request.