发布时间 :2000-12-19 00:00:00
修订时间 :2008-09-05 16:22:15

[原文]The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

[CNNVD]Windows 2000平台Microsoft索引服务CiWebHitsFile组件跨站脚本攻击(CSS)漏洞(CNNVD-200012-152)

        Windows 2000平台Microsoft索引服务中CiWebHitsFile组件存在漏洞。远程攻击者借助.htw 请求中CiRestriction参数执行跨站脚本攻击(CSS)漏洞,又称为“索引服务跨站脚本”漏洞。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)


- OVAL (用于检测的技术细节)


- 官方数据库链接
(官方数据源) MITRE
(官方数据源) NVD
(官方数据源) CNNVD

- 其它链接及资源
(VENDOR_ADVISORY)  XF  iis-htw-cross-scripting
(UNKNOWN)  BUGTRAQ  20001028 IIS 5.0 cross site scripting vulnerability - using .htw

- 漏洞信息

Windows 2000平台Microsoft索引服务CiWebHitsFile组件跨站脚本攻击(CSS)漏洞
中危 未知
2000-12-19 00:00:00 2006-09-01 00:00:00
        Windows 2000平台Microsoft索引服务中CiWebHitsFile组件存在漏洞。远程攻击者借助.htw 请求中CiRestriction参数执行跨站脚本攻击(CSS)漏洞,又称为“索引服务跨站脚本”漏洞。

- 公告与补丁


- 漏洞信息 (20335)

Microsoft Indexing Services for Windows 2000/NT 4.0 .htw Cross-Site Scripting Vulnerability (EDBID:20335)
windows remote
2000-10-28 Verified
0 Georgi Guninski
N/A [点击下载]

A cross-site scripting vulnerability has been reported in Microsoft Indexing Services for Windows 2000/NT4 and its handling of the .htw extension. If a user inadvertantly opened a hostile link through a browser or HTML compliant e-mail client, active content such as JavaScript may be executed. For example, the following link when processed by IIS will yield successful exploitation:

http://target/null.htw?CiWebHitsFile=filename.htm&CiRestriction="<SCRIPT>Active Scripting</SCRIPT>"

It is not necessary to specify a valid .htw file because the virtual file null.htw is stored in memory and the .htw extension is mapped by default to webhits.dll.

Indexing Services is shipped with Windows 2000, however is not started by default. Those who are running a web server and have enabled Indexing Services are recommended to apply the patch.

- 漏洞信息

Microsoft Indexing Services for Windows 2000 .htw XSS
Remote / Network Access Input Manipulation
Loss of Integrity Workaround, Patch / RCS
Exploit Private Vendor Verified

- 漏洞描述

IIS 5.0 Indexing Services for Windows 2000 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the CiRestriction parameter in a .htw request upon submission, allowing Active Scripting to execute on a the host's browser. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. A remote attacker can visit a Web page containing malicious code that requests an .htw file, causing Active Scripting to execute active content on a visiting user's computer.

- 时间线

2000-10-28 Unknow
Unknow 2000-11-02

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch (MS00-084) to address this vulnerability. Microsoft also recommends filtering special characters. Check the vendor advisory or solution in the references section.

- 相关参考

- 漏洞作者

Unknown or Incomplete