正文

IIS漏洞

admin
admin V管理员 /0 评论 /7 阅读
1230
此篇文章发布距今已超过1240天,您需要注意文章的内容或图片是否可用!

漏洞信息详情

IIS漏洞

  • CNNVD编号:CNNVD-200012-113
    • <!--
  • 危害等级: 高危-->
  • 危害等级: 高危
  • CVE编号: CVE-2000-0886
  • 漏洞类型: 输入验证
  • 发布时间: 2000-12-19
  • 威胁类型: 远程
  • 更新时间: 2005-10-12
  • 厂        商: microsoft
  • 漏洞来源: and publicized in a Microsoft Security Bulletin (MS00-086) on November 6, 2000. The new variants of this vulnerability was discovered by Georgi Guninski on November 27, 2000 and Billy N');">Discovered by NSFo...

漏洞简介

IIS 5.0版本存在漏洞。远程攻击者借助到名字附加有操作系统命令可执行文件的畸形请求执行任意命令,也称为“Web服务器文件请求解析”漏洞。

漏洞公告

Microsoft has released patches which eliminate the vulnerability (they also rectify the vulnerability described in MS00-086, http://www.microsoft.com/technet/security/bulletin/MS00-078.asp). This patch does not address the new variants discovered by Georgi Guninski on November 27, 2000. Those who applied the IIS 5.0 released before November 30, 2000 are recommended to install the patch below. It rectifies regression errors that existed in prior versions of the patch. Microsoft IIS 4.0

  • Microsoft Q277873 http://download.microsoft.com/download/winntsp/Patch/q277873/NT4/EN-US /arbexei.exe
  • Microsoft Q277873Both patches for IIS 4.0 should be installed. http://download.microsoft.com/download/winntsp/Patch/q277873/NT4/EN-US /arbexeis.exe
Microsoft IIS 5.0
  • Microsoft Q277873Simplified Chinese http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/CN/Q277873_W2K_sp2_x86_CN.EXE
  • Microsoft Q277873German http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/DE/Q277873_W2K_sp2_x86_DE.EXE
  • Microsoft Q277873 http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/EN-US/Q277873_W2K_SP2_x86_en.EXE
  • Microsoft Q277873English http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/EN-US/Q277873_W2K_SP2_x86_en.EXE
  • Microsoft Q277873Japanese http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/JA/Q277873_W2K_sp2_x86_JA.EXE
  • Microsoft Q277873Traditional Chinese http://download.microsoft.com/download/win2000platform/Patch/Q277873/N T5/TW/Q277873_W2K_sp2_x86_TW.EXE

参考网址

来源: MS 名称: MS00-086 链接:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp 来源: BUGTRAQ 名称: 20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability 链接:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05& 来源: XF 名称: iis-invalid-filename-passing(5470) 链接:http://xforce.iss.net/xforce/xfdb/5470 来源: BID 名称: 1912 链接:http://www.securityfocus.com/bid/1912 来源: US Government Resource: oval:org.mitre.oval:def:191 名称: oval:org.mitre.oval:def:191 链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:191

受影响实体

  • Microsoft Internet_information_server:4.0  
    <!--
    2000-1-1
    -->
  • Microsoft Internet_information_server:5.0  
    <!--
    2000-1-1
    -->
  • Microsoft Internet_information_services:5.0  
    <!--
    2000-1-1
    -->

补丁

    暂无