数学建模社区-数学中国

标题: IIS 6.0的WEB管理接口存在多个问题 [打印本页]
作者: 韩冰    时间: 2004-10-9 14:26
标题: IIS 6.0的WEB管理接口存在多个问题
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... $ C; }2 }0 U5 x: b- |2 r( ~6 [& J: V' V
来源:CNCERT 2003-08-01 6 x" m' l  m' p. ]1 Z) A% X# f0 ]
9 [1 ^! N1 c/ M! p- ?

2 L) F- |8 D7 X: lCNCVE编号:CNCVE-20031438
) l- K; J. \8 F1 V  L" D
% U+ F; \, @/ n+ p  X0 K# RCVE编号:
' K8 Q: |( G* V2 M* E) p+ I; V: w2 P9 u, v' f6 a
安全级别:高7 ^" |. K) Z: O& V  G0 U
3 Z4 _1 ~& ?( L; V3 D& e5 g" ]
漏洞中文描述:
; @) ^7 g$ B0 l. K# A: f6 QMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。
" V0 i7 F% u# |4 R7 v' l8 w  E9 s( C8 `2 M" _
漏洞英文描述:
. s) n7 |' v5 B* p6 PMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.
& ]5 O; Q; _, z4 b# H
9 {/ d9 A6 u7 y4 t4 r漏洞参考:! j+ j3 q5 r5 K
http://www.securityfocus.com/bid/8244
. A! I) T8 ~) ?+ x* R0 [7 r5 i& k; b2 u$ T1 \
系统类型: Win2000/NT
/ k9 F* d. @, H3 R, y0 L$ C: n* K8 u8 |8 p" y' t2 Y+ L* Z
漏洞类型:其他
作者: ilikenba    时间: 2004-10-19 20:12
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com



欢迎光临 数学建模社区-数学中国 (http://www.madio.net/) Powered by Discuz! X2.5