Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... . j. {* D) w' M1 [7 O( `9 i* C来源:CNCERT 2003-08-01 9 K- `7 m3 e: ^8 l/ y 2 u# ~( p: g, S# H+ f* d3 v) I& V" T( ]- k# O: t
CNCVE编号:CNCVE-20031438# D% K& M8 ^7 R$ {- t
) M4 S; B8 S+ J+ B( B6 F
CVE编号: * e0 ^7 ^( P7 n" l! U( W0 ]2 y3 \$ I6 Y# s' v6 A2 B1 P: E
安全级别:高 ) j9 r* M! w. Q _1 U8 o, @ " v ?0 [" L! W9 g+ L漏洞中文描述:! E1 v% |5 ]7 X6 X }( k
Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。 # T; ^ [/ G7 J& e& u& `2 N , ~0 v i8 |2 ^6 I' u9 ^% o o漏洞英文描述:7 d# i/ f4 o" z, I4 a/ O q4 f
Multiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs./ h- V' }4 O! N0 h5 n
1 ~' k0 J; j; ^7 E q5 u. Y' `& M
漏洞参考:& N' P& s) N9 J$ v/ Q& K, _% x
http://www.securityfocus.com/bid/82447 M+ m4 H6 F6 p3 c
' t$ }$ A* w9 r( v% [! L1 Q; f2 G系统类型: Win2000/NT Z5 H2 c m9 J: U8 q( c: h/ t r6 A& t3 @
漏洞类型:其他
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
