Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... & S M9 v5 N. X' T$ B来源:CNCERT 2003-08-01 2 E7 |- M: S$ j
+ ^" K5 e2 b5 q' B o' d5 u; q
# C. u$ j( P" w8 m7 RCNCVE编号:CNCVE-20031438 . v4 r/ s- w. w5 M0 O% i3 o& k3 A$ m7 R& m: Y- M- V( v
CVE编号: $ j h9 B0 D* Z+ w4 j& R ) x( r, V4 x. R" _安全级别:高 + P* h* u& @. {. T3 z % |" ^$ d/ n3 H& }3 { r g, }- a漏洞中文描述:) t. X0 J& T8 C' ^5 F( D X
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。" F) X; t+ Q2 F: G
* M- H( Z+ X% S, W( x漏洞英文描述:: z/ Z& D# y6 e" b4 I
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. # E! R" {$ v# s, [, ^ # E% M* K# }, `. A; m6 D/ n, f漏洞参考: 6 h+ p" E: d1 K6 c1 X1 E! v8 ~* ohttp://www.securityfocus.com/bid/8244 * P3 |0 Q+ _( H7 s. [ & K' z- ?- _% h系统类型: Win2000/NT 1 a, y6 ?" P. b# v U6 h ; M. F- |# O4 J1 p/ ~漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
