CVE-2001-0523
CVSS 7.5
Published: 2001-08-14 00:00:00
Last revised: 2008-09-05 16:24:19

[Original text] eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.


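[CNNVD] eEye Digital Security SecureIIS Overflow Protection Bypass Vulnerability (CNNVD-200108-059)

        eEye SecureIIS 1.0.3 and earlier contain a vulnerability. A remote attacker can bypass the filtering of requests made to SecureIIS by escaping HTML characters within the request, and can then use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.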

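- CVSS (Base Score)

CVSS score: 7.5 [HIGH]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]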

- CPE (Affected platforms and products)

cpe:/a:eeye_digital_security:secureiis:1.0.2
cpe:/a:eeye_digital_security:securells:1.0.3

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-0523
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0523
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200108-059
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/static/6564.php
(VENDOR_ADVISORY)  XF  eeye-secureiis-directory-traversal(6564)
http://xforce.iss.net/static/6563.php
(VENDOR_ADVISORY)  XF  eeye-secureiis-bypass-detection(6563)
http://archives.neohapsis.com/archives/bugtraq/2001-05/0197.html
(VENDOR_ADVISORY)  BUGTRAQ  20010519 RE: ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS
http://archives.neohapsis.com/archives/bugtraq/2001-05/0185.html
(VENDOR_ADVISORY)  BUGTRAQ  20010518 ASLabs-2001-01: Multiple Security Problems in eEye SecureIIS

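- Vulnerability information

eEye Digital Security SecureIIS Overflow Protection Bypass Vulnerability
High risk  Path traversal
2001-08-14 00:00:00 2005-10-20 00:00:00
Remote
        eEye SecureIIS 1.0.3 and earlier contain a vulnerability. A remote attacker can bypass the filtering of requests made to SecureIIS by escaping HTML characters within the request, and can then use restricted variables and perform directory traversal attacks on vulnerable programs that would otherwise be protected.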

- Advisories and patches

        Update available:
        eEye Digital Security SecureIIS 1.0.2
        
        eEye Digital Security SecureIIS 1.0.3
        

- Vulnerability information

3211
SecureIIS HTML Encoded Characters Bypass Ruleset

- Vulnerability description

SecureIIS contains a flaw that lets a remote attacker bypass the filtering and rulesets. The issue is caused by the keyword checking mechanism, which fails to check for encoded requests. If a remote attacker submits any request using HTML encoded characters, it will bypass the protection offered by SecureIIS and be passed to the web server.

- Timeline

2001-05-18 Unknown
2001-05-18 Unknown

- Solution

Upgrade to version 1.0.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

eEye Digital Security SecureIIS Overflow Protection Bypass Vulnerability
Design Error 2744
Yes No
2001-05-18 12:00:00 2009-07-11 06:06:00
Discovered and posted to Bugtraq by Alliance Security Labs <alliancesecuritylabs@safe-mail.net> on May 18, 2001.

- Affected program versions

eEye Digital Security SecureIIS 1.0.3
- Microsoft IIS 5.0
- Microsoft IIS 4.0
eEye Digital Security SecureIIS 1.0.2
- Microsoft IIS 5.0
- Microsoft IIS 4.0
eEye Digital Security SecureIIS 1.0.4
- Microsoft IIS 5.0
- Microsoft IIS 4.0

- Unaffected program versions

eEye Digital Security SecureIIS 1.0.4
- Microsoft IIS 5.0
- Microsoft IIS 4.0

- Vulnerability discussion

SecureIIS offers the ability to detect and block requests that have oversized fields in their HTTP headers. These requests may be indicative of an attempt to exploit a buffer overflow vulnerability in an application that uses header data.

It has been reported that SecureIIS does not adequately block some of these requests containing oversized HTTP fields.

Attackers may be able to use this vulnerability to carry out buffer overflow attacks against vulnerable applications on hosts protected by SecureIIS.

- Exploit

There is no exploit code required. Choose the desired attack and send it to the target.

- Solution

Update available:


eEye Digital Security SecureIIS 1.0.2

eEye Digital Security SecureIIS 1.0.3

- Related references

 

 
