5 r* m* M; n( I& W/ L漏洞中文描述:$ L* w9 [# C! y/ Q6 l
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。0 h: p r7 e: w9 r
" g3 p3 Z6 _3 D- b2 @- r漏洞英文描述:9 b) q; r* E8 p9 V
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. ) Y- k9 u: J. d( o* L- P7 z3 u( D8 g* P' C# @1 j; p L
漏洞参考: ' Y( N0 |# m1 G" p# uhttp://www.securityfocus.com/bid/8244 * Z! {; A' W6 p9 H1 q+ [( C! p) r# Y0 c5 {, U
系统类型: Win2000/NT 4 @& }( p1 M2 T - C" v$ n) [$ g" _+ u. \漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
