Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... . B" G' [6 C2 U3 \+ V2 j来源:CNCERT 2003-08-01 ^9 U" m" L4 Z# M8 u4 J
& b: g0 H" {4 G( J+ G4 g
. h. |" E s4 c/ i
CNCVE编号:CNCVE-20031438 5 g, O0 x+ I1 R+ d2 H 7 c$ A. t" p C fCVE编号: ' G' W, L, Y. P# v# |$ M6 z5 m$ N2 u ! c7 c0 K0 O( m# d! F安全级别:高 3 N- j( @8 g2 \8 m0 }' @) ] # f: V0 I+ S: v0 d$ U漏洞中文描述:, C4 _3 ~! v9 \% L
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。# v. G; I" B% x# A, W$ y8 e
) J6 o( @3 W# q3 L/ L: X; }! E
漏洞英文描述: , k9 Y- k6 @* i, P9 {Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.) \+ B$ ?7 W' V6 P3 V% Q- }6 A7 n% t
% d) y7 l2 B6 Y9 K+ r5 e3 u
漏洞参考:2 V v1 C; ?' [
http://www.securityfocus.com/bid/82443 |: R- a- u1 }# J* i0 b& Q. m% ?
' w. ?+ G6 c5 d6 A% S$ i
系统类型: Win2000/NT 4 ^- t7 R+ G4 N* U7 C9 I. e( C " Z( w6 b6 W( |) Y漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
