3 ^' j) u8 n. F" s' w0 H/ c3 b+ ] 5 V+ ~$ p) y' W ICNCVE编号:CNCVE-20031438 6 Y, n4 J6 s2 z) L0 t2 ~3 I0 \8 h& c. N4 T5 w2 T
CVE编号:* S! R2 I0 }4 i7 @2 P
- P8 E$ W' u6 g
安全级别:高! Z- U7 V# s4 P5 i
1 h! ?$ Y; e+ V F漏洞中文描述: 0 W9 h7 L- V; k; l* }( q7 X/ JMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 $ W9 K# l0 q2 {2 a) s4 O9 x9 o7 |- u# g2 Y& D' h
漏洞英文描述: 3 L1 j, F! f7 \0 f4 kMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. / }/ V1 V7 w0 {! B3 }* h 2 N4 H1 ^( L1 Y" \: H* Y漏洞参考:+ Q* B7 V% _7 ~/ z
http://www.securityfocus.com/bid/8244! Y1 V4 f3 c8 T# m/ g" i! R, S* T
8 R- ~5 B$ f( ~: v系统类型: Win2000/NT ! B4 \/ q& E8 W. b8 a8 G8 h0 D& t 6 N0 V5 A$ Y$ f2 ^1 }9 [% c漏洞类型:其他作者: ilikenba 时间: 2004-10-19 20:12
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com