Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... ; W5 P. _7 |+ x) A0 V来源:CNCERT 2003-08-01 , w9 F h0 \4 Y6 m' U' q
4 ~1 e( C# T+ N$ H
6 _+ L2 F* P; }% a, N) f! M
CNCVE编号:CNCVE-200314382 c8 Z x# R. J2 J
& ^1 o5 M" V7 f1 Q! O
CVE编号: : q/ o; _9 @5 T8 |8 n3 y) B" w' ^. ^
安全级别:高8 a% ^. a; \6 o1 x9 G% h( R
$ M% Y, T: A" x& q E
漏洞中文描述: " r) |; n7 \3 J+ M; @( S# rMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 8 M0 [* h0 v5 g- }: u" ~9 `; d. m8 n- M! }- o% s2 a. B
漏洞英文描述: , e8 o1 h, @9 H M* _Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. ) I, m# q5 Z4 U & q0 P; O1 u7 x! B漏洞参考:& e* r4 q1 A9 T/ k* m- K
http://www.securityfocus.com/bid/82444 j( ^1 q/ ]* Y) } m2 I
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
