Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... - r+ v* H5 {* X来源:CNCERT 2003-08-01 5 o G/ _% v% O) q - l6 Y! {1 Y. E7 s h4 a; o 1 j6 e/ R3 K; n$ C9 I3 s/ O$ PCNCVE编号:CNCVE-20031438 7 z2 d) A W2 Z6 [ & C: b/ \7 `3 ^ V% V, vCVE编号:. r! ~9 W x5 ]2 D
; M; i# h3 \6 ^. i* c) B
安全级别:高9 S, x8 T, }3 O/ ?' X
* k& B; a; d, g
漏洞中文描述:" t5 s; z3 u" Y
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。0 m0 `! ^) C; I" [
/ U6 E. ]; y! c2 h漏洞英文描述: 2 c6 `( A5 e8 _7 uMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.9 D9 ?+ j. H) k' S% g0 C+ d
& T; o- z4 s0 E4 I' T) S- d漏洞参考: 8 F1 N5 l0 d5 j; Z' U6 r ?' O! Hhttp://www.securityfocus.com/bid/8244* q( @* W. K- @) t3 |5 C
3 M. v1 r' w5 { M/ F: @" L系统类型: Win2000/NT Z4 u( d3 k3 A5 y0 }: t
9 h* u6 X: y( e/ \6 p Z8 _
漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
