Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... , V+ E& Z2 K D1 a. ^# V$ W" ?+ T来源:CNCERT 2003-08-01 . a, a1 z2 l0 a
# p1 k z0 K% o. w: v9 T d4 R U" u$ d
: J/ M( o# u4 d! e n" ]' f
CNCVE编号:CNCVE-200314382 F$ N# p' A5 m R/ _8 J
1 X2 A0 _+ H# [- B: J$ l
CVE编号:$ |* V9 l$ G5 d! x8 N' k& ^
! g q2 r, G. j4 T5 J
安全级别:高- L% d/ B) K5 i1 n
) y' ~( }8 K) B2 b6 w' S- w
漏洞中文描述: 2 e: P9 U* a4 c3 h3 G! UMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。7 h3 P' e' Q, L, B6 E
$ y$ k- r4 u! w; U, e漏洞英文描述: / t; O9 O% G. Q8 u( aMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. ' @( V5 t+ J. l. }! w) c6 u+ ]4 O6 c4 ~; v" p2 n( a$ a
漏洞参考: ; t+ N3 O, Y2 ~5 j5 X* q4 t1 ?/ Chttp://www.securityfocus.com/bid/8244 ' B6 `1 u c! x5 G4 p : b- C9 ?' R' ]1 M+ W系统类型: Win2000/NT 4 K, F# _) f. R% G8 i8 S
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
