Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... - {" Y% y# d S+ t Z来源:CNCERT 2003-08-01 8 p4 ?. N; h9 G( z" }3 e 7 s( ?' A$ g' Y- m/ ?: u ) Y. Y" Q7 B3 U) p+ O8 JCNCVE编号:CNCVE-200314388 p8 d: |8 q1 @# V y8 U2 b' s
4 F* W% H5 }: I. I; v" Z2 c
CVE编号: 7 i+ M4 B) n& j: i0 \4 i2 U0 c+ [. i0 C
安全级别:高 g/ _0 _ v# n
: K, k( ^6 O+ e( ~, P7 M2 f" d
漏洞中文描述:4 Z, |& c2 O0 @( U
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。+ }8 F) ]" O- j3 E' o/ ? U
2 S0 r1 I4 Z2 t" H/ c0 U) L! P
漏洞英文描述:2 Y( Y8 R7 i3 [# X6 C% J
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. 6 A# ~' h2 j' U% {1 A9 [0 N* k% _( _# c, ^0 m9 m v
漏洞参考: " [" z) B6 }5 `http://www.securityfocus.com/bid/8244 0 a, H. f' S4 O; f" f" z1 O# {% b
系统类型: Win2000/NT 6 T x5 n1 b* L0 X% {6 h' [ # ^9 E4 {- y, x; z漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com