数学建模社区-数学中国

标题: IIS 6.0的WEB管理接口存在多个问题 [打印本页]
作者: 韩冰    时间: 2004-10-9 14:26
标题: IIS 6.0的WEB管理接口存在多个问题
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... : W5 J% H" O) r. F- G) A5 x
来源:CNCERT 2003-08-01 : L0 s5 D: W6 V% e5 s) j+ R

* d2 U/ g5 @( k- A7 M% S- S. O
, s/ H' o3 ?) l4 g/ [. d% sCNCVE编号:CNCVE-20031438
* Z0 `/ C. h/ p  }, o# w. y4 }
, i! n- {6 s/ b$ jCVE编号:! w! z6 ?9 Y3 b, f  \
. `8 A+ m  S% _/ `; G% W2 w
安全级别:高# c( _1 u: I# O# r5 w

. d# a4 ]( P) ^漏洞中文描述:& h- [( r( k- T7 O5 }
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。1 E9 y% _1 M$ |

: D0 i- V- b7 V$ W漏洞英文描述:5 I2 d3 Q6 A. ]6 Y) |
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.. @4 I" V' L8 W# r, `
. M; t3 L0 Q7 ^! v) H
漏洞参考:
" D! j. ?% r, n/ s5 Zhttp://www.securityfocus.com/bid/8244* @0 G+ {; P$ k+ S7 h1 d& L9 ~. b
+ ]# i- M( q: Y# h
系统类型: Win2000/NT ! {" k1 A+ {* L$ a- o. ]

, Y+ O- Q( w; |3 b# |8 N6 |漏洞类型:其他
作者: ilikenba    时间: 2004-10-19 20:12
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com



欢迎光临 数学建模社区-数学中国 (http://www.madio.net/) Powered by Discuz! X2.5