漏洞信息详情
Microsoft Internet Information Services 安全漏洞
- CNNVD编号:CNNVD-200411-017 <!--
- 危害等级: 中危-->
- 危害等级: 中危
- CVE编号: CVE-2003-0718
- 漏洞类型: 其他
- 发布时间: 2004-10-12
- 威胁类型: 远程
- 更新时间: 2021-08-16
- 厂 商: microsoft
- 漏洞来源: Amit Klein※ Amit.K...
-
漏洞简介
Microsoft Internet Information Services(IIS)是美国微软(Microsoft)公司的一款适用于Windows Server平台的Web服务器。
Microsoft Internet Information Services 存在安全漏洞,该漏洞用于默认提供了对WebDAV的支持,通过WebDAV可以通过HTTP向用户提供远程文件存储的服务。Microsoft IIS包含的WEBDAV组件对特殊构建的WEBDAV请求处理不正确,远程攻击者可以利用这个漏洞利用WEBDAV消耗大量内存和CPU时间,导致拒绝服务攻击。攻击者可以构建恶意的使用XML属性的WEBDAV PROPFIND请求,可导致XML解析器消耗大量内存和CPU时间,造成拒绝服务。
漏洞公告
临时解决方法:
如果您不能立刻安装补丁或者升级,CNNVD建议您采取以下措施以降低威胁:
* 关闭WEBDAV服务。
厂商补丁:
Microsoft
---------
Microsoft已经为此发布了一个安全公告(MS04-030)以及相应补丁:
MS04-030:Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
链接:
http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx" target="_blank">
http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx
补丁下载:
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2C632A7-CD43-466C-A624-D841905CE181" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2C632A7-CD43-466C-A624-D841905CE181
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A338C59-3693-4A25-B823-431A5C21A4B7" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A338C59-3693-4A25-B823-431A5C21A4B7
Microsoft Windows XP 64-Bit Edition Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=0412A361-28C5-45F7-9853-BCDC9D7B2B97" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=0412A361-28C5-45F7-9853-BCDC9D7B2B97
Microsoft Windows XP 64-Bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2
Microsoft Windows Server? 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=81CE104D-5257-447C-A2CD-D4D149581D71" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=81CE104D-5257-447C-A2CD-D4D149581D71
Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2" target="_blank">
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2
参考网址
来源:http://nvd.nist.gov/nvd.cfm?cvename=CVE-2003-0718※http://www.securityfocus.com/bid/11384※http://www.nsfocus.net/vulndb/7013
链接:无
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4767
来源:BUGTRAQ
链接:http://marc.info/?l=bugtraq&m=109762641822064&w=2
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1427
来源:MS
链接:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-030
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17645
来源:XF
链接:https://exchange.xforce.ibmcloud.com/vulnerabilities/17656
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1330
受影响实体
- Microsoft Internet_information_server:6.0<!--2000-1-1-->
- Microsoft Internet_information_server:5.1<!--2000-1-1-->
- Microsoft Internet_information_server:5.0<!--2000-1-1-->
- Microsoft Internet_information_services:5.0<!--2000-1-1-->
补丁
- Microsoft Internet Information Services WebDAV XML 安全漏洞的修复措施<!--2004-10-12-->
还没有评论,来说两句吧...