漏洞类别:Web server漏洞等级: 
漏洞信息
A component of Microsoft IIS Index Server allows unauthorized users to dump the contents of any file on the Web site. This vulnerability is contained in the 'null.htw' file, which can be tricked into disclosing ASP source code.
漏洞危害
If successfully exploited, malicious users can trick the null.htw file into disclosing the source code for ASP files. An ASP file may contain hard-coded logins and passwords, such as for accessing a database server. This information will be disclosed to the user, who can then use it to further compromise the host.
解决方案
Patch:
Following are links for downloading patches to fix the vulnerabilities:
MS00-006: Index Server 2.0 (Intel )
MS00-006: Index Server 2.0 (Alpha )
MS00-006: Indexing Service in Windows 2000 (Intel )
Virtual Patches:
Trend Micro Virtual Patching
Virtual Patch #1000567: MS Index Server '%20' ASP Source Disclosure Vulnerability
0day
文章评论