IIS 6.0的WEB管理接口存在多个问题

韩冰

Microsoft IIS 6.0的WEB管理接口存在多个问题，远程攻击者可以利用这个漏洞进行跨站脚...
0 u2 v% t1 ~# e5 a, }, N" k( W" h来源：CNCERT 2003-08-01
( S% c# d; `& D9 I. g: f

; i+ K. M, E) Y# b* o/ |2 ~CNCVE编号：CNCVE-20031438

CVE编号：

; y" q4 |% p% N" u2 E安全级别：高
, N+ X* q! Z4 Z2 @8 n+ @
( M9 M( U" R) q7 X- a漏洞中文描述：
& T8 y  U- `( pMicrosoft IIS 6.0的WEB管理接口存在多个问题，远程攻击者可以利用这个漏洞进行跨站脚本攻击，获得合法会话ID或未授权访问部分资源。

; G' _6 T  m; l, A" @漏洞英文描述：
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.

. t+ E: s* v0 w' B4 H漏洞参考：
" o  ^% i( |( q" t: bhttp://www.securityfocus.com/bid/8244

系统类型： Win2000/NT

9 @: i8 u% K+ V漏洞类型：其他

ilikenba

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com