; p0 n0 H9 l, F$ \; mCVE编号:2 p+ I( l/ f, d0 C3 X% w& l e( D5 d
3 F, d1 K# F( g安全级别:高 1 c+ X( x% f2 d) g) i5 L7 X% s c$ h. g. L; |3 m/ B
漏洞中文描述:: G0 ?8 P% b F. r6 `5 w: w) ]0 ]. a
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。) d1 m1 `& l+ |# ?( F8 M. ?6 {
9 y' p! y( l& ^: W( x" g# H4 I" c漏洞英文描述: - \9 H8 H- z d8 j5 _& h0 O/ I1 CMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. : }3 i' N8 @: b! H6 o! v9 `' r# t7 X) X% Z& J
漏洞参考:7 u3 j( o. u7 v( J! Z
http://www.securityfocus.com/bid/8244 - [/ W* N8 ^. P* Z # H. m, c8 @4 Z1 ?" i; n系统类型: Win2000/NT 8 {# M |% |) N
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
