漏洞信息详情
Microsoft IIS认证类函数泄露漏洞
- CNNVD编号:CNNVD-200208-053
- 危害等级: 低危
- CVE编号: CVE-2002-0419
- 漏洞类型: 信息泄露
- 发布时间: 2002-08-12
- 威胁类型: 远程
- 更新时间: 2005-10-20
- 厂 商: microsoft
- 漏洞来源: Published by David...
漏洞简介
IIS 4至5.1版本中存在信息泄露漏洞。远程攻击者可借助(1)来自服务器的响应(揭露是否支持Basic或NTLM认证至401个访问拒绝错误消息),(2)某些配置中为Basic认证作为域提出的服务器IP地址,泄露被NAT掩盖的真实IP地址,或(3)使用NTLM认证时,服务器的NetBiOS名和它的Windows NT域在对认证请求的响应中被揭露。
漏洞公告
Currently the SecurityFocus staff are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
参考网址
来源: XF 名称: iis-authentication-error-messages(8382) 链接:http://www.iss.net/security_center/static/8382.php 来源: BID 名称: 4235 链接:http://www.securityfocus.com/bid/4235 来源: BUGTRAQ 名称: 20020305 Considerations for IIS Authentication (#NISR05032002C) 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=101535399100534&w=2
受影响实体
- Microsoft Internet_information_server:5.1
- Microsoft Internet_information_server:5.0
- Microsoft Internet_information_server:4.0:Alpha
- Microsoft Internet_information_server:4.0
- Microsoft Internet_information_services:5.0
补丁
暂无
评论