Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... ' }1 h/ j! a% M来源:CNCERT 2003-08-01 3 M) V" D4 |# M8 V8 ~6 h
9 V. P/ ?; m. v$ s. G. t$ N# ?% ~/ B* T; [7 j" `! T& f
CNCVE编号:CNCVE-20031438 + E- v) }& e3 \' f7 ~8 G) E) f/ e' k/ N$ W0 i
CVE编号: Z& o( W0 `3 M" Q) d8 g ( ]. p3 A" w$ z) R$ ?安全级别:高 0 k6 ]5 P+ y4 b% Y4 M; j . L- b% i1 B& u# `! `- \) e; v漏洞中文描述: ! O) N1 |, r0 E& L3 B8 J$ k7 h+ k: p: U2 GMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。* g! y, A7 `! X
: V/ C9 C2 ~3 a8 P4 e! k9 u漏洞英文描述: 1 d$ w4 q' w8 wMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.* x# d: |' R8 V* j2 d' o/ [- |
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
