Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... / u1 A5 n, s D2 g2 b$ w来源:CNCERT 2003-08-01 7 M/ o# x- P4 T* y- p" b ( Q. d* p; H+ |5 G9 N 1 L ^5 g% Q/ C# vCNCVE编号:CNCVE-20031438$ Y# n, _0 \/ b" m; I
8 |0 X9 r y1 ~. H
CVE编号:$ f$ k; A) I5 U" A% N" u" j
7 I4 s+ _/ y0 q
安全级别:高( b5 V8 E$ E$ P9 {9 \
$ g! b6 l, v! u4 a( R7 ?+ G漏洞中文描述:3 H) v& [) o2 d" U$ t
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 * n n; P& P {& D ! ^6 {/ M9 i* e0 q2 w% P$ @漏洞英文描述:6 x6 A1 l: t) @& p1 ] X
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. $ u# G2 w) S; m! w5 |9 m) L) I, G7 F5 r
漏洞参考:4 e. k3 U. J8 ~/ [
http://www.securityfocus.com/bid/8244 ( B# W H9 U% p- |; P, @1 Z6 |" k1 P7 i: [2 z' b& Y
系统类型: Win2000/NT ' u* q6 E6 l2 U$ {' A8 L* o' m& N( h0 @; p" i& k, c& F
漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com