CVE-2005-2678
CVSS 5.0
Published: 2005-08-23 00:00:00
Last revised: 2016-10-17 23:29:26

[Original] Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.


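[CNNVD] Microsoft IIS Security Check Bypass Vulnerability (CNNVD-200508-237)

        Microsoft IIS (Internet Information Server) is the web server software bundled by default with Microsoft Windows, and it includes an FTP service by default.
        A vulnerability exists in Microsoft IIS versions 5.1 and 6. A remote attacker can use a GET request with an http://localhost URI to spoof the SERVER_NAME variable, bypassing security checks and conducting various attacks.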

- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Access complexity: [--]
Access vector: [--]
Authentication: [--]

- CPE (Affected Platforms and Products)

cpe:/a:microsoft:internet_information_server:5.1  Microsoft IIS 5.1
cpe:/a:microsoft:internet_information_server:6.0  Microsoft IIS 6.0
cpe:/a:microsoft:internet_information_server:5.0

- OVAL (Technical Details for Detection)

No related OVAL definitions found

- Official Database Links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2678
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2678
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-237
(Official data source) CNNVD

- Other Links and Resources

http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html
(UNKNOWN)  MISC  http://ingehenriksen.blogspot.com/2005/08/remote-iis-5x-and-iis-60-server-name.html
http://marc.info/?l=bugtraq&m=112474727903399&w=2
(UNKNOWN)  BUGTRAQ  20050822 Remote IIS 5.x and IIS 6.0 Server Name Spoof
http://www.vupen.com/english/advisories/2005/1503
(UNKNOWN)  VUPEN  ADV-2005-1503

- Vulnerability Information

Microsoft IIS Security Check Bypass Vulnerability
Medium severity  Unknown
2005-08-23 00:00:00 2011-07-15 00:00:00
Remote

- Advisories and Patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at:
        http://www.support.microsoft.com/kb/906910

- Vulnerability Information

18926
Microsoft IIS SERVER_NAME Variable Spoofing Filter Bypass
Remote / Network Access Input Manipulation
Loss of Confidentiality, Loss of Integrity
Exploit Public

- Vulnerability Description

Microsoft IIS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a URL is supplied spoofing the server name in the http GET request. Server scripts that allow elevated privileges when accessed locally may be fooled into thinking a remote request is from a local user. This flaw may lead to a loss of confidentiality or integrity.

- Timeline

2005-08-17 2005-01-28
2005-08-17 Unknown

- Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workarounds: Replace the '(strServername = "localhost")' check in each vulnerable script with '(strServerIP = strRemoteIP)', as the 'strServerIP' variable cannot be manipulated by a remote user. Another possible workaround is to add a new site to IIS with the host header name set to "localhost", with a root directory either containing only static content, or pointing to an empty folder with no permissions.
