标题: IIS 6.0的WEB管理接口存在多个问题 [打印本页] 作者: 韩冰 时间: 2004-10-9 14:26 标题: IIS 6.0的WEB管理接口存在多个问题 Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... 7 b$ w+ O) B' ]& _# i# W来源:CNCERT 2003-08-01 ! P5 G, b3 M) \0 b6 D 1 U1 ?# t: b! C2 a g5 d& | A6 e/ y; B & R J( q# t/ r# wCNCVE编号:CNCVE-200314380 v8 b. q5 N- W$ ?
# P' R. H6 b: _: [4 V! E8 {# l8 H) d
CVE编号: 7 S9 B+ D4 \- L' n+ k* l , m& I/ a( ~: u- E+ p安全级别:高 / q$ R f. A3 T0 m 8 p u H0 v7 ~! _3 T漏洞中文描述: 8 b3 D( r; T6 ^- l. {+ IMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。3 l% H2 {% z- c, Z7 T
, G- ]- j5 n3 ^漏洞英文描述: # I1 B& T2 o: t$ r# MMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs., e3 H1 }# L _8 J3 o
' h/ Z8 P7 y# Y4 g# W, ]
漏洞参考: A* e! o1 U$ @- ~+ Ghttp://www.securityfocus.com/bid/8244* w- z' g9 ^: K5 |! _3 }8 h, n
. E, s5 S9 N; |$ I# o( _系统类型: Win2000/NT / r( J d8 t0 C- E7 M/ z: }0 a& _1 v; f
漏洞类型:其他作者: ilikenba 时间: 2004-10-19 20:12
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com