<a name="1273"></a><a name="beginpage.6D09A264-6199-4A1E-AA0E-7EC1451DE2DB"></a>1    #2    # This script was written by Renaud Deraison 3    #4    # Based on Matt Moore's iis_htr_isapi.nasl5    #6    # Script audit and contributions from Carmichael Security 7    # Erik Anderson 8    # Added BugtraqID and  N9    #10   # TODO: internationalisation ?11   #12   # See the Nessus Scripts License for details13   #14   15   if(description)16   { 17   script_id(10932);18   script_bugtraq_id(4474);19   script_version ("$Revision: 1.13 $");20   script_cve_id("CVE-2002-0071");21   if(defined_func("script_xref"))script_xref(name:"IAVA", value:"2002-A-0002");22   name["english"] = "IIS .HTR ISAPI filter applied";23   script_name(english:name["english"]);24   25   desc["english"] = "26   The IIS server appears to have the .HTR ISAPI filter mapped.27   28   At least one remote vulnerability has been discovered for the .HTR29   filter. This is detailed in Microsoft Advisory30   MS02-018, and gives remote SYSTEM level access to the web server.31   32   It is recommended that, even if you have patched this vulnerability,33   you unmap the .HTR extension and any other unused ISAPI extensions34   if they are not required for the operation of your site.35   36   Solution :37   To...