Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... 9 T. s1 k2 N, z
来源:CNCERT 2003-08-01 6 S0 d/ y/ K6 z 9 T) x8 s6 c% s D C- s( N' e! L0 {: S8 R; q2 @
CNCVE编号:CNCVE-20031438 ( P3 `+ y5 y. h8 [ M$ ^, b; G7 {( f, O M
CVE编号:- o5 ~1 H+ }7 ^
0 H; T5 i: k6 W6 i Z# L" U安全级别:高 3 O3 _1 u8 O. [) A5 O( y# h; z- \* v+ u6 ~) I n
漏洞中文描述:% @3 V R; s9 a
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 : m2 `7 ?. C8 P0 [$ V% r 7 j8 z1 Y6 R% y) Z# P* ~# S0 A漏洞英文描述: ' K$ f4 X0 K5 j% bMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. 3 W; B# F( Z7 n" U: t8 \0 O2 A: ?& w3 {' n9 O8 S) m( f- L
漏洞参考:6 i5 k' ]% f0 U8 G# z4 [2 [
http://www.securityfocus.com/bid/8244 6 I) P: M1 L3 l1 V$ F5 H$ Y" G 2 N( `7 r* B5 o! U$ @系统类型: Win2000/NT : U: h! X/ U* `; i P7 l + g9 Q4 i2 j* b漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
