Microsoft IIS UNC映射虚拟主机漏洞

漏洞信息详情

Microsoft IIS UNC映射虚拟主机漏洞

• CNNVD编号：CNNVD-200003-052
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2000-0246
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2000-03-30
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-25
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by Adam…

IIS 4.0 and 5.0存在漏洞，如果虚拟路径映射到UNC共享便不能正确处理ISAPI extension，远程攻击者可以利用这个漏洞读取ASP和其他文件的源码，也称“虚拟UNC共享”漏洞。

Microsoft has released patches which rectify this issue. It should be noted that Proxy Server, Site Server, Site Server Commerce Edition and Microsoft Commercial Internet System run atop IIS. Customers using these products should apply the patch appropriate for the version of IIS they are running.
Microsoft IIS 4.0 alpha

• Microsoft Q249599
  
  http://download.microsoft.com/download/iis40/Patch/4.2.736.1/ALPHA/EN-
  US/uncsec4a.exe

Microsoft IIS 4.0

• Microsoft Q249599
  
  http://download.microsoft.com/download/iis40/Patch/4.2.736.1/NT4/EN-US
  /uncsec4i.exe

Microsoft IIS 5.0

• Microsoft Q249599
  
  http://download.microsoft.com/download/win2000platform/Patch/Q249599/N
  T5/EN-US/Q249599_W2K_SP1_X86_en.EXE

来源: MS
名称: MS00-019
链接:http://www.microsoft.com/technet/security/bulletin/ms00-019.asp

来源: BID
名称: 1081
链接:http://www.securityfocus.com/bid/1081

来源: MSKB
名称: Q249599
链接:http://www.microsoft.com/technet/support/kb.asp?ID=249599