发布时间 :2000-03-30 00:00:00
修订时间 :2008-09-10 15:03:45

[原文]IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

[CNNVD]Microsoft IIS UNC映射虚拟主机漏洞(CNNVD-200003-052)

        IIS 4.0 and 5.0存在漏洞,如果虚拟路径映射到UNC共享便不能正确处理ISAPI extension,远程攻击者可以利用这个漏洞读取ASP和其他文件的源码,也称“虚拟UNC共享”漏洞。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: NONE [不会对系统完整性产生影响]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: LOW [漏洞利用没有访问限制 ]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:microsoft:proxy_server:2.0Microsoft proxy_server 2.0
cpe:/a:microsoft:site_server_commerce:3.0Microsoft Site Server Commerce 3.0
cpe:/a:microsoft:commercial_internet_system:2.0Microsoft commercial_internet_system 2.0
cpe:/a:microsoft:internet_information_server:4.0Microsoft IIS 4.0
cpe:/a:microsoft:commercial_internet_system:2.5Microsoft commercial_internet_system 2.5
cpe:/a:microsoft:site_server:3.0Microsoft Site Server 3.0

- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(UNKNOWN)  MS  MS00-019
(UNKNOWN)  BID  1081
(UNKNOWN)  MSKB  Q249599

- 漏洞信息

Microsoft IIS UNC映射虚拟主机漏洞
中危 输入验证
2000-03-30 00:00:00 2006-09-25 00:00:00
        IIS 4.0 and 5.0存在漏洞,如果虚拟路径映射到UNC共享便不能正确处理ISAPI extension,远程攻击者可以利用这个漏洞读取ASP和其他文件的源码,也称“虚拟UNC共享”漏洞。

- 公告与补丁

        Microsoft has released patches which rectify this issue. It should be noted that Proxy Server, Site Server, Site Server Commerce Edition and Microsoft Commercial Internet System run atop IIS. Customers using these products should apply the patch appropriate for the version of IIS they are running.
        Microsoft IIS 4.0 alpha
        Microsoft IIS 4.0
        Microsoft IIS 5.0

- 漏洞信息 (19824)

MS IIS 4.0 UNC Mapped Virtual Host Vulnerability (EDBID:19824)
multiple remote
2000-03-30 Verified
0 Adam Coyne
N/A [点击下载]
MS Commercial Internet System 2.0/2.5,IIS 4.0,Proxy Server 2.0,Site Server Commerce Edition 3.0 UNC Mapped Virtual Host Vulnerability


If a virtual host root is mapped to a UNC share, a backward slash "\" appended to an ASP or HTR extension in a URL request to that virtual host will cause Microsoft Internet Information Server to transmit full source code of the file back to a remote user. Files located on the local drive where IIS is installed is not affected by this vulnerability. 


- 漏洞信息

Microsoft IIS ISAPI Virtual Directory UNC Mapping ASP Source Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Patch / RCS
Exploit Public Vendor Verified, Third-party Verified

- 漏洞描述

- 时间线

2000-03-30 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

Unknown or Incomplete