Malformed HTR Request Returns Source Code for ASP Scripting Files

Article translations Article translations
Article ID: 260069 - View products that this article applies to.
This article was previously published under Q260069
This article has been archived. It is offered "as is" and will no longer be updated.
Expand all | Collapse all

On This Page

SYMPTOMS

A malformed HTR request may cause the source code of the Active Server Pages (ASP) script file to be returned.

CAUSE

The problem occurs because the CreateFile function that is used to open requested files deletes all of the trailing spaces in a file name. The file-name truncation in the CreateFile function causes the two names "C:\Ineptub\Wwroot\Default.asp" and "C:\Ineptub\Wwroot\Default.asp<followed by several blank spaces>" to be the same, which causes the source code of the Default.asp file to be opened and be returned.

RESOLUTION

To resolve this problem, obtain the latest service pack for Windows 2000. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
260910 How to Obtain the Latest Windows 2000 Service Pack
Windows 2000:

The following file is available for download from the Microsoft Download Center:
Collapse this imageExpand this image
Download
Download Q267559_w2k_sp2_x86_en.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on secure servers that prevent any unauthorized changes to the file.

For additional information about what this package fixes, click the article numbers below to view the articles in the Microsoft Knowledge Base:
267560 Changing the URL in a Specific Manner May Expose Contents of a File
267559 GET on .Htr File Can Cause a "Denial of Service" or Enable Directory Browsing
260838 IIS Stops Servicing .htr Requests
The English version of this fix should have the following file attributes or later:
   Date        Time    Version         Size    File name
   -----------------------------------------------------
   07/07/2000  03:17p  5.00.2195.2100  46,352  Ism.dll
				

Windows NT 4.0

A supported fix is now available from Microsoft, but it is only intended to correct the problem that is described in this article. Apply it only to computers that are experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information about support costs, visit the following Microsoft Web site:
http://support.microsoft.com/default.aspx?scid=fh;EN-US;CNTACTMS
NOTE: In special cases, charges that are ordinarily incurred for support calls may be canceled if a Microsoft Support Professional determines that a specific update will resolve your problem. The usual support costs will apply to additional support questions and issues that do not qualify for the specific update in question.

The following files are available for download from the Microsoft Download Center:
x86:
Collapse this imageExpand this image
Download
Download Htrdos4i.exe now
x86 Symbols:
Collapse this imageExpand this image
Download
Download Htrdos4is.exe now
Alpha:
Collapse this imageExpand this image
Download
Download Htrdos4a.exe now
Alpha Symbols:
Collapse this imageExpand this image
Download
Download Htrdos4as.exe now
For additional information about how to download Microsoft Support files, click the following article number to view the article in the Microsoft Knowledge Base:
119591 How to Obtain Microsoft Support Files from Online Services
Microsoft scanned this file for viruses. Microsoft used the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help to prevent any unauthorized changes to the file. For additional information about what this package fixes, click the article numbers below to view the articles in the Microsoft Knowledge Base:
267560 Changing the URL in a Specific Manner May Expose Contents of a File
267559 GET on .Htr File Can Cause a "Denial of Service" or Enable Directory Browsing
260838 IIS Stops Servicing .htr Requests
The English version of this fix should have the following file attributes or later:
   Date        Time    Version    Size    File name  Platform
   ----------------------------------------------------------
   06/28/2000  09:34p  4.2.748.1  54,544  Ism.dll    x86
   06/28/2000  09:30p  4.02.0748  84,752  Ism.dll    Alpha
				

STATUS

This problem was first corrected in Windows 2000 Service Pack 2.

Internet Information Services 5.0

Microsoft has confirmed that this is a problem in Internet Information Services 5.0.

Internet Information Server 4.0

Microsoft has confirmed that this is a problem in Internet Information Server 4.0.

MORE INFORMATION

For related information about this problem, please visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/bulletin/ms00-031.mspx
For additional security-related information about Microsoft products, please visit the following Microsoft Web site:
http://www.microsoft.com/security/
For additional information about other issues that are resolved by this update, click the article number below to view the article in the Microsoft Knowledge Base:
260838 IIS Stops Servicing .htr Requests
For additional information about how to install Windows 2000 and Windows 2000 hotfixes at the same time, click the article number below to view the article in the Microsoft Knowledge Base:
249149 Installing Microsoft Windows 2000 and Windows 2000 Hotfixes

Properties

Article ID: 260069 - Last Review: October 20, 2013 - Revision: 5.4
APPLIES TO
  • Microsoft Internet Information Services 5.0
  • Microsoft Internet Information Server 4.0
Keywords: 
kbnosurvey kbarchive kbbug kbfix kbgraphxlinkcritical kbwin2000presp2fix KB260069

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com