Microsoft Internet Explorer HTTP请求编码漏洞

漏洞信息详情

Microsoft Internet Explorer HTTP请求编码漏洞

• CNNVD编号：CNNVD-200110-140
• 危害等级： 高危
  
  
• CVE编号：
  CVE-2001-0665
  
• 漏洞类型：
  
  
  输入验证
  
• 发布时间：
  
  2001-10-30
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2005-10-12
  
• 厂        商：
  
  microsoft
• 漏洞来源：
  Discovered by Joao…

Internet Explorer 6版本和之前版本存在漏洞。远程攻击者可以导致某些HTTP请求被自动执行并且似乎来自于用户，攻击者还可以借助该漏洞在基于网络的服务内提升特权或执行操作，也称为\”HTTP Request Encoding vulnerability\”。

Microsoft has released a patch which addresses this issue:
**Note that in order to apply the patches for IE5.01 and IE5.5 you must have Internet Explorer Service Pack 2 installed for each product.
Microsoft Internet Explorer 5.0.1 SP2

• Microsoft Q306121
  
  http://download.microsoft.com/download/ie501sp2/secpac20/5.01SP2/WIN98
  /EN-US/q306121.exe

Microsoft Internet Explorer 5.5 SP2

• Microsoft Q306121
  
  http://download.microsoft.com/download/ie55sp2/secpac20/5.5_SP2/WIN98M
  e/EN-US/q306121.exe

Microsoft Internet Explorer 6.0

• Microsoft Q306121
  
  http://download.microsoft.com/download/IE60/Secpac20/6/W98NT42KMeXP/EN
  -US/q306121.exe

来源: MS
名称: MS01-051
链接:http://www.microsoft.com/technet/security/bulletin/MS01-051.asp

来源: XF
名称: ie-url-http-requests(7259)
链接:http://xforce.iss.net/static/7259.php

来源: BID
名称: 3421
链接:http://www.securityfocus.com/bid/3421

来源: OSVDB
名称: 1972
链接:http://www.osvdb.org/1972