CVE-2003-1567
CVSS 5.8
Published: 2009-01-14 19:30:00
Revised: 2009-01-16 00:00:00

[Original] The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the body of the response, which makes it easier for remote attackers to steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism, by using TRACK to read the contents of the HTTP headers that are returned in the response, a technique that is similar to cross-site tracing (XST) using HTTP TRACE.


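[CNNVD] microsoft internet_information_services information disclosure vulnerability (CNNVD-200901-175)

        Microsoft IIS is a web server program developed by Microsoft.
        The undocumented TRACK method in Microsoft Internet Information Services (IIS) 5.0 returns the content of the original request in the response body, which allows remote attackers to use TRACK to read the contents of the HTTP headers returned in the response and thereby steal cookies and authentication credentials, or bypass the HttpOnly protection mechanism. Technically, the issue is similar to cross-site tracing (XST) using HTTP TRACE.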

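- CVSS (Base Score)

CVSS score: 5.8 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: NETWORK [the attacker does not need internal-network or local access]
Authentication: NONE [exploitation requires no authentication]

- CWE (Weakness Category)

CWE-200 [Information Exposure]

- CPE (Affected Platforms and Products)

Product and version information (CPE) is not currently available

- OVAL (Technical Details for Detection)

No related OVAL definition found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1567
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1567
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200901-175
(Official data source) CNNVD

- Other Links and Resources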

http://www.kb.cert.org/vuls/id/288308
(UNKNOWN)  CERT-VN  VU#288308
http://www.osvdb.org/5648
(UNKNOWN)  OSVDB  5648
http://www.aqtronix.com/Advisories/AQ-2003-02.txt
(UNKNOWN)  MISC  http://www.aqtronix.com/Advisories/AQ-2003-02.txt
http://archives.neohapsis.com/archives/ntbugtraq/2003-q4/0321.html
(UNKNOWN)  NTBUGTRAQ  20031227 AQ-2003-02: Microsoft IIS Logging Failure

- Vulnerability Information

microsoft internet_information_services information disclosure vulnerability
Medium severity, information disclosure
2009-01-15 00:00:00 2009-01-16 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch that fixes this security issue. Patch link:
        http://www.kb.cert.org/vuls/id/288308

- Vulnerability Information

5648
Multiple Web Server Dangerous HTTP Method TRACK
Remote / Network Access Information Disclosure
Loss of Confidentiality
Exploit Public

- Vulnerability Description

The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Attackers may abuse HTTP TRACK functionality to gain access to information in HTTP headers that is not otherwise available via the DOM interface. Examples of such information are cookies and authentication data. In the presence of other cross-site domain vulnerabilities in web browsers, sensitive header information could be read from domains other than the target of the HTTP TRACK request.

- Timeline

2003-12-27 2003-01-02
2003-12-27 Unknown

- Solution

Based on your site requirements and policy, you should consider disabling HTTP TRACK support in your web server. For Apache web servers, use the Apache mod_rewrite module to deny HTTP TRACK requests or to permit only the methods needed to meet site requirements and policy. For Microsoft's Internet Information Service (IIS), download the URLScan tool from Microsoft to deny HTTP TRACK requests or to permit only the methods needed to meet site requirements and policy. Upgrade to the latest version of Microsoft IIS (6.0 or later), available from the Microsoft Web site. For other web servers, consult your documentation for details.

- Related References

- Vulnerability Author

- Vulnerability Information

Microsoft IIS HTTP TRACK Method Information Disclosure Vulnerability
Design Error 33374
Yes No
2003-12-28 12:00:00 2003-12-28 12:00:00
Parcifal Aertssen

- Affected Program Versions

Microsoft IIS 5.0
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
+ Microsoft Windows 2000 Advanced Server
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Professional SP2
- Microsoft Windows 2000 Professional SP1
+ Microsoft Windows 2000 Professional
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
+ Microsoft Windows 2000 Server
Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition

- Unaffected Program Versions

Microsoft IIS 6.0
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition

- Vulnerability Discussion

Microsoft Internet Information Service (IIS) is prone to an information-disclosure vulnerability because the TRACK method echoes the contents of HTTP requests in its responses to clients.

Attackers can leverage this issue to obtain sensitive information such as header data and cookie-based authentication credentials or to bypass the 'HttpOnly' protection mechanism.

IIS 5.0 is vulnerable.

- Exploit

To exploit this issue, an attacker must entice an unsuspecting victim into following a malicious URI.

- Solution

Microsoft IIS 6 is reportedly not affected by this issue.

- Related References
