In the Microsoft Internet Information Services (IIS) world, Netcraft tests showed that more than half of the servers currently in use do not appear to have disabled HTR features following Microsoft's warnings about an HTR chunked encoding buffer overrun vulnerability put out on 10 June.
HTR scripts allow users to change passwords and allow administrators to perform various password management tasks. Carefully encoded HTR scripts could allow a hacker to plant malicious code such as a worm.
Although Netcraft cannot say for certain whether the patch has been applied to any of these servers, the company assumes that many will not have been patched.
Chunked encoding is also a vulnerable area on Apache Web servers, and a warning about it was issued on 17 June. According to Netcraft, more than six million sites have taken immediate action, but this leaves 14 million still vulnerable.
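Both warnings concern the same HTTP/1.1 mechanism: a chunked body is a sequence of hexadecimal chunk-size lines, each followed by that many bytes of data, ending with a zero-size chunk. The defects in question arose when a server trusted the attacker-supplied chunk size without bounding it against the buffer it copied into. The decoder below is an added illustration written for this article (it is not Microsoft's, Apache's or Netcraft's code) of how a bounds-checked chunked decoder behaves: every chunk size is parsed strictly, capped, and checked against the bytes actually present before any copy. The per-chunk and whole-body limits are assumed policy values, and the sample bodies are constructed.

```python
import re

# Assumed limits for this example; a real server would make these configurable.
MAX_CHUNK_SIZE = 1 << 20   # 1 MiB per chunk
MAX_BODY_SIZE = 8 << 20    # 8 MiB decoded total


class ChunkedDecodeError(ValueError):
    """Raised for any chunked-encoding input that fails validation."""


# chunk-size line: hex digits, optional ";ext" chunk extensions, no CR/LF inside.
# The digit count is capped so absurdly long size tokens are rejected up front.
_CHUNK_SIZE_RE = re.compile(rb"([0-9A-Fa-f]{1,16})(?:;[^\r\n]*)?")


def decode_chunked(body: bytes, max_chunk: int = MAX_CHUNK_SIZE,
                   max_body: int = MAX_BODY_SIZE) -> bytes:
    """Decode an HTTP/1.1 chunked transfer-coding body with strict bounds checks.

    The chunk size is validated before any data is copied, so a size that is
    larger than the remaining input, larger than the per-chunk cap, or that
    would push the decoded body over its cap is rejected rather than trusted.
    """
    out = bytearray()
    pos = 0
    while True:
        eol = body.find(b"\r\n", pos)
        if eol == -1:
            raise ChunkedDecodeError("missing CRLF after chunk-size line")
        line = body[pos:eol]
        m = _CHUNK_SIZE_RE.fullmatch(line)
        if not m:
            raise ChunkedDecodeError(f"malformed chunk-size line: {line!r}")
        size = int(m.group(1), 16)      # unsigned; never reinterpreted as signed
        if size > max_chunk:
            raise ChunkedDecodeError(f"chunk size {size:#x} exceeds per-chunk limit")
        pos = eol + 2
        if size == 0:
            # last-chunk: optional trailer lines, terminated by an empty line
            while True:
                eol = body.find(b"\r\n", pos)
                if eol == -1:
                    raise ChunkedDecodeError("missing CRLF terminating trailers")
                if eol == pos:
                    return bytes(out)
                pos = eol + 2
        if len(out) + size > max_body:
            raise ChunkedDecodeError("decoded body exceeds total limit")
        if pos + size + 2 > len(body):
            raise ChunkedDecodeError("chunk data truncated")
        out += body[pos:pos + size]
        pos += size
        if body[pos:pos + 2] != b"\r\n":
            raise ChunkedDecodeError("missing CRLF after chunk data")
        pos += 2


def check_chunked(body: bytes):
    """Return (True, decoded) for a valid body, (False, reason) otherwise."""
    try:
        return True, decode_chunked(body)
    except ChunkedDecodeError as exc:
        return False, str(exc)


if __name__ == "__main__":
    # Constructed sample bodies: one well-formed, one with an oversized chunk size.
    good = b"4\r\nWiki\r\n5\r\npedia\r\n0\r\n\r\n"
    huge = b"FFFFFFF0\r\nAAAA\r\n0\r\n\r\n"
    print(check_chunked(good))   # (True, b'Wikipedia')
    print(check_chunked(huge))   # (False, 'chunk size 0xfffffff0 exceeds per-chunk limit')
```

The key design point is that `size` is only ever compared as an unsigned Python integer against explicit caps and against the bytes remaining in `body`; the copy happens after those checks pass. A decoder that instead converts the size into a native signed integer, or uses it as a copy length before confirming the data is present, is exactly the shape of bug the two warnings describe.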
Netcraft said, "Conditions are ripe for an epidemic of attacks against both Microsoft IIS and Apache-based sites." As if to illustrate Netcraft's point, an Internet worm called Scalper has started attacking Apache Web servers running on the FreeBSD operating system. The worm scans for vulnerable sites and installs a backdoor through which a hacker could penetrate a system. This may be the thin end of a wedge that could prise open other Unix-like systems.