CVE-2003-0223
CVSS 6.8
Published: 2003-06-09 00:00:00
Revised: 2008-09-10 15:18:17

[Original] Cross-site scripting vulnerability (XSS) in the ASP function responsible for redirection in Microsoft Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to embed a URL containing script in a redirection message.


[CNNVD] Microsoft IIS Redirection Error Page Cross-Site Scripting Vulnerability (MS03-018) (CNNVD-200306-037)

        
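        Microsoft IIS 5.0 (Internet Information Server 5) is a network information server bundled with Microsoft Windows 2000; it includes HTTP service functionality.
        Microsoft IIS has a cross-site scripting issue when handling the redirection error page. A remote attacker can exploit this vulnerability by constructing a malicious page and luring a user into visiting it, thereby obtaining the user's authentication-based sensitive information.
        This cross-site scripting attack affects IIS 4.0, 5.0 and 5.1. When IIS processes the error message that notifies the user that the requested URL is being redirected, it does not sufficiently filter the content of the response. An attacker can trick a user into clicking through a malicious page that contains a link, carrying malicious script code, pointing to a third-party IIS server. The IIS server then includes the malicious code in the error message it returns to the user, which can cause the script to execute in the user's browser and disclose the user's authentication-based sensitive information to the attacker.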
        

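- CVSS (Base Score)

CVSS score: 6.8 [MEDIUM]
Confidentiality impact: PARTIAL [likely to cause information disclosure]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: [--]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]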

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:internet_information_server:5.1 Microsoft IIS 5.1
cpe:/a:microsoft:internet_information_server:4.0 Microsoft IIS 4.0
cpe:/a:microsoft:internet_information_server:5.0

- OVAL (Technical Details for Detection)

oval:org.mitre.oval:def:66 IIS ASP Function Cross-site Scripting
*OVAL describes in detail how to detect this vulnerability; more technical details on detecting it can be found in the related OVAL definition.

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0223
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-0223
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200306-037
(Official data source) CNNVD

- Other Links and Resources

http://www.microsoft.com/technet/security/bulletin/ms03-018.asp
(VENDOR_ADVISORY)  MS  MS03-018

- Vulnerability Information

Microsoft IIS Redirection Error Page Cross-Site Scripting Vulnerability (MS03-018)
Medium severity  Input validation
2003-06-09 00:00:00 2007-01-02 00:00:00
Remote
        
        

- Advisories and Patches

        Vendor patch:
        Microsoft
        ---------
        Microsoft has released a security bulletin (MS03-018) and corresponding patches for this issue:
        MS03-018: Cumulative Patch for Internet Information Service (811114)
        Link:
        http://www.microsoft.com/technet/security/bulletin/MS03-018.asp

        Patch downloads. This patch requires the MS02-050 patch to be installed first:
        Microsoft IIS 4.0:
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=1DBC1914-98E9-4DED-ADBF-E9B374A1F79D&displaylang=en

        The IIS 4.0 patch must be installed on systems running Windows NT 4.0 Service Pack 6a.
        Microsoft IIS 5.0:
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=2F5D9852-4ADD-44F8-8715-AC3D7D7D94BF&displaylang=en

        The IIS 5.0 patch must be installed on systems running Windows 2000 Service Pack 2 or Service Pack 3.
        Microsoft IIS 5.1:
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=77CFE3EF-C5C5-401C-BC12-9F08154A5007&displaylang=en

        The IIS 5.1 patch for Windows XP 32-bit edition must be installed on systems running Windows XP Professional Gold and Service Pack 1.
        Microsoft Patch Q811114
        
        http://microsoft.com/downloads/details.aspx?FamilyId=86F4407E-B9BF-4490-9421-008407578D11&displaylang=en

        The IIS 5.1 patch for Windows XP 64-bit edition must be installed on systems running Windows XP Professional Gold and Service Pack 1.

- Vulnerability Information

7737
Microsoft IIS ASP Redirection Function XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability Description

Unknown or Incomplete

- Timeline

2003-05-28 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related References

- Vulnerability Credit

Unknown or Incomplete

- Vulnerability Information

Microsoft IIS Redirection Error Page Cross-Site Scripting Vulnerability
Input Validation Error 7731
Yes No
2003-05-28 12:00:00 2009-07-11 10:06:00
Discovery is credited to SPIDynamics SPI Labs.

- Affected Software Versions

Microsoft IIS 5.1
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
- Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
+ Microsoft Windows XP 64-bit Edition SP1
+ Microsoft Windows XP 64-bit Edition
- Microsoft Windows XP Home SP1
- Microsoft Windows XP Home
+ Microsoft Windows XP Professional SP1
+ Microsoft Windows XP Professional
Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
Microsoft IIS 4.0
+ Cisco Building Broadband Service Manager (BBSM) 5.0
+ Cisco Call Manager 3.0
+ Cisco Call Manager 2.0
+ Cisco Call Manager 1.0
+ Cisco ICS 7750
+ Cisco IP/VC 3540 Video Rate Matching Module
+ Cisco Unity Server 2.4
+ Cisco Unity Server 2.3
+ Cisco Unity Server 2.2
+ Cisco Unity Server 2.0
+ Cisco uOne 4.0
+ Cisco uOne 3.0
+ Cisco uOne 2.0
+ Cisco uOne 1.0
+ Hancom Hancom Office 2007 0
+ Microsoft BackOffice 4.5
+ Microsoft Windows NT 4.0 Option Pack
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition

- Unaffected Software Versions

Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition

- Discussion

Microsoft IIS is prone to a cross-site scripting vulnerability in the redirection error page. An attacker could exploit this issue by enticing a web user to a malicious link which contains hostile HTML or script code. This code may be rendered in the user's browser when the redirection error page is displayed.

- Exploit

There is no exploit required.

- Solution

Microsoft has released updates.

There is a dependency associated with this patch. It requires the patch from Microsoft Security Bulletin MS02-050 to be installed. If this patch is installed and MS02-050 is not present, client side certificates will be rejected. This functionality can be restored by installing the MS02-050 patch.


Microsoft IIS 5.1

Microsoft IIS 4.0

Microsoft IIS 5.0

- Related References

 

 
