Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... 5 C% M" R# g+ u0 ?1 }, o
来源:CNCERT 2003-08-01 2 ]0 Z1 j: \4 t2 s1 {3 A/ K1 I5 [/ J0 ?' k6 |# s. d* I
) x* A( ~2 `; M3 L& M3 f4 R7 y
CNCVE编号:CNCVE-20031438- U+ s' Y( q4 B+ V' T6 [4 @
8 F" j. R; R4 L9 K7 V* b" aCVE编号:8 y2 x8 ?: X/ @0 q; [: W0 y
1 j! U+ Z* B+ A8 `
安全级别:高 " ]0 H: i4 U/ j7 Y9 H( ]; F9 s- U5 k3 L- p) N; z
漏洞中文描述:! l) Q- W2 E( L
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。9 `3 i; c/ I1 m
$ M6 |( e. i! z9 O- _4 e
漏洞英文描述:$ q4 y/ K/ f" _ \4 M2 G$ d" u1 E0 U
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs.$ i# U# V! \! p7 u3 L
) S4 O' ^+ G+ f' |2 p1 e; y
漏洞参考:# ?: c3 t+ T- {+ ]& v9 u
http://www.securityfocus.com/bid/8244 7 z* h% K- _6 q& G% ]( s' p2 s* }6 b& `8 ^ z
系统类型: Win2000/NT ; d& d$ u/ |& _, Z/ u9 l
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com