Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... 1 d* z# Q6 y( d4 I来源:CNCERT 2003-08-01 3 G5 z0 R7 _, S3 K ; B* d d* g9 J% I6 f* E2 a6 p4 C/ S e. a: s8 @
CNCVE编号:CNCVE-200314386 {; X; ?; T$ e1 x. L
# A7 B1 k: @% j- U Y6 N
CVE编号: - W# C0 b! ~6 E$ m % q3 m" n1 `9 v6 u# e" i# S安全级别:高: Q2 b1 o9 D8 F: t
) i% @) ~! T) B; r漏洞中文描述:7 M3 W( X, ]9 `6 ]5 B' Y
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 f, ^' \( h( O8 l& P& |) h( J6 ?7 C( q a4 s3 o6 `6 h
漏洞英文描述:7 c; ~: Y+ f' e1 g3 [+ d( k) U# ~
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. % @5 ?1 j K: t3 l0 l$ V2 f0 l. _& v W, w8 z+ N
漏洞参考:$ w* D4 o* Z9 ~' n2 T+ y
http://www.securityfocus.com/bid/8244 3 R$ C8 C! B0 g; ^. Q! v7 W9 q- M' Y8 Q3 `5 M
系统类型: Win2000/NT " i; j7 v1 D! [1 n2 Y9 ?. P6 p/ K
漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
