IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending %3F+.htr to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the File Fragment Reading via .HTR vulnerability.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Internet_information_server | Microsoft | 4.0 (including) | 4.0 (including) |
| Internet_information_services | Microsoft | 5.0 (including) | 5.0 (including) |