CVE-2006-3227
CVSS2.6
发布时间 :2006-06-26 12:05:00
修订时间 :2008-09-05 17:06:33
NMCO    

[原文]Interpretation conflict between Internet Explorer and other web browsers such as Mozilla, Opera, and Firefox might allow remote attackers to modify the visual presentation of web pages and possibly bypass protection mechanisms such as content filters via ASCII characters with the 8th bit set, which could be stripped by Internet Explorer to render legible text, but not when using other browsers. NOTE: there has been significant discussion about this issue, and as of 20060625, it is not clear where the responsibility for this issue lies, although it might be due to vagueness within the associated standards. NOTE: this might only be exploitable with certain encodings.


[CNNVD]Internet Explorer 浏览器解释冲突 访问控制绕过漏洞(CNNVD-200606-499)

        Internet Explorer与Mozilla, Opera和Firefox等其他web浏览器之间存在解释冲突。远程攻击者借助可由 Internet Explorer剥离以表现可读文字而在使用其他浏览器时无法进行的,包含第8位组的ASCII字符,来修改网页的视觉表现,并可能绕过内容过滤器等保护机制。

- CVSS (基础分值)

CVSS分值: 2.6 [轻微(LOW)]
机密性影响: NONE [对系统的机密性无影响]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: NONE [对系统可用性无影响]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3227
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3227
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-499
(官方数据源) CNNVD

- 其它链接及资源

http://xforce.iss.net/xforce/xfdb/27288
(UNKNOWN)  XF  ie-ascii-encoded-web-filter-bypass(27288)
http://www.securityfocus.com/archive/1/archive/1/438163/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060623 Re: Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/archive/1/438154/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060623 RE: Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/archive/1/438066/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060622 Re: Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/archive/1/438049/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060621 Re: Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/archive/1/437948/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060621 Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/438051/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060621 Re: Bypassing of web filters by using ASCII
http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2
(UNKNOWN)  MISC  http://ha.ckers.org/blog/20060621/us-ascii-xss-part-2
http://www.securityfocus.com/archive/1/archive/1/438359/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060626 RE: Bypassing of web filters by using ASCII
http://www.securityfocus.com/archive/1/archive/1/438358/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060626 Re: Bypassing of web filters by using ASCII
http://www.osvdb.org/28376
(UNKNOWN)  OSVDB  28376
http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/
(UNKNOWN)  MISC  http://ha.ckers.org/blog/20060621/malformed-ascii-bypasses-filters/

- 漏洞信息

Internet Explorer 浏览器解释冲突 访问控制绕过漏洞
低危 未知
2006-06-26 00:00:00 2006-06-26 00:00:00
远程  
        Internet Explorer与Mozilla, Opera和Firefox等其他web浏览器之间存在解释冲突。远程攻击者借助可由 Internet Explorer剥离以表现可读文字而在使用其他浏览器时无法进行的,包含第8位组的ASCII字符,来修改网页的视觉表现,并可能绕过内容过滤器等保护机制。

- 公告与补丁

        厂商已经发布补丁以解决此问题及其他问题。
        New Atlanta BlueDragon Server J2EE 6.2.1 .286
        临时解决方法:
        * 配置ACL限制非授权用户对Web接口的访问。
        目前厂商已经发布了相关补丁,请到厂商的主页下载:
        New Atlanta BlueDragon Server J2EE 6.2.1 .286
        New Atlanta BlueDragon.J2EE.309.zip
        ftp://ftp.newatlanta.com/public/bluedragon/6_2_1_302/patches/309/BlueD ragon.J2EE.309.zip
        New Atlanta BlueDragon Server 6.2.1 .286
        New Atlanta BlueDragon.Server.309.zip
        ftp://ftp.newatlanta.com/public/bluedragon/6_2_1_302/patches/309/BlueD ragon.Server.309.zip
        New Atlanta BlueDragon Server JX 6.2.1 .286
        New Atlanta BlueDragon.JX.309.zip
        ftp://ftp.newatlanta.com/public/bluedragon/6_2_1_302/patches/309/BlueD ragon.JX.309.zip
        

- 漏洞信息

28376
Microsoft IE US-ASCII Character Set Filter Bypass XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- 漏洞描述

Microsoft Internet Explorer contains a flaw related to the encoding Internet transmitted content into ASCII that may allow an attacker to bypass security filters, such as intrusion detection systems.

- 时间线

2006-06-21 Unknow
Unknow Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站