Microsoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚... " ?% X3 x) u: }7 X* A$ Q来源:CNCERT 2003-08-01 9 V) ^$ Y3 y) D. A$ p; H: q% r+ j; z9 @# n/ n4 p
* f3 S* \" C4 f F7 V b3 iCNCVE编号:CNCVE-20031438: H {( Z6 l6 I/ u: K( i- i# M$ U4 u& F/ D
' y9 {# O: P9 @+ \9 ~" [CVE编号:) S0 Z% q. l) U" r" V2 ^3 ?5 I
; |! _$ @6 q) f4 }/ c' ^: e
安全级别:高 + q. @+ I& O: `1 Q! j. @- e8 R+ S }) Z
漏洞中文描述: 7 A9 G3 r6 D5 u/ K. kMicrosoft IIS 6.0的WEB管理接口存在多个问题,远程攻击者可以利用这个漏洞进行跨站脚本攻击,获得合法会话ID或未授权访问部分资源。$ e: t' O; X& P
6 H! m" O7 t Z+ ^
漏洞英文描述: 3 i8 N7 h x' l3 K6 B8 N$ y0 eMultiple vulnerabilities have been reported in the web admin interface that is included in Microsoft IIS 6.0. This includes multiple instances of cross-site scripting vulnerabilities. Additionally, it is reported that the web admin interface could expose valid session IDs or permit unauthorized access to areas that do not require session IDs. 1 ~0 k5 X+ M9 T Z- L7 Y% }" v% r) X4 N' a) ?5 W O n
漏洞参考: $ q0 x8 |' a$ g! |+ G3 ?http://www.securityfocus.com/bid/8244 3 `, a" f6 x1 P5 w. H0 U7 Q- u7 O7 u1 c- Q8 M4 x) h3 H
系统类型: Win2000/NT , M4 [7 x2 |, k$ \. @5 o
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com
IP卡
狗仔卡
发表于 2004-10-9 14:26
转播
淘帖
分享
收藏
支持
反对
微信
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
抢沙发
显身卡
发表于 2004-10-19 20:12
