IIS漏洞

漏洞信息详情

IIS漏洞

• CNNVD编号：CNNVD-200012-113
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2000-0886
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2000-12-19
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by NSFo…

IIS 5.0版本存在漏洞。远程攻击者借助到名字附加有操作系统命令可执行文件的畸形请求执行任意命令，也称为“Web服务器文件请求解析”漏洞。

Microsoft has released patches which eliminate the vulnerability (they also rectify the vulnerability described in MS00-086,
http://www.microsoft.com/technet/security/bulletin/MS00-078.asp). This patch does not address the new variants discovered by Georgi Guninski on November 27, 2000.
Those who applied the IIS 5.0 released before November 30, 2000 are recommended to install the patch below. It rectifies regression errors that existed in prior versions of the patch.
Microsoft IIS 4.0

• Microsoft Q277873
  
  http://download.microsoft.com/download/winntsp/Patch/q277873/NT4/EN-US
  /arbexei.exe
• Microsoft Q277873Both patches for IIS 4.0 should be installed.
  
  http://download.microsoft.com/download/winntsp/Patch/q277873/NT4/EN-US
  /arbexeis.exe

Microsoft IIS 5.0

• Microsoft Q277873Simplified Chinese
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/CN/Q277873_W2K_sp2_x86_CN.EXE
• Microsoft Q277873German
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/DE/Q277873_W2K_sp2_x86_DE.EXE
• Microsoft Q277873
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/EN-US/Q277873_W2K_SP2_x86_en.EXE
• Microsoft Q277873English
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/EN-US/Q277873_W2K_SP2_x86_en.EXE
• Microsoft Q277873Japanese
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/JA/Q277873_W2K_sp2_x86_JA.EXE
• Microsoft Q277873Traditional Chinese
  
  http://download.microsoft.com/download/win2000platform/Patch/Q277873/N
  T5/TW/Q277873_W2K_sp2_x86_TW.EXE

来源: MS
名称: MS00-086
链接:http://www.microsoft.com/technet/security/bulletin/MS00-086.asp

来源: BUGTRAQ
名称: 20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
链接:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&

来源: XF
名称: iis-invalid-filename-passing(5470)
链接:http://xforce.iss.net/xforce/xfdb/5470

来源: BID
名称: 1912
链接:http://www.securityfocus.com/bid/1912

来源: US Government Resource: oval:org.mitre.oval:def:191
名称: oval:org.mitre.oval:def:191
链接:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:191