升級IIS、進行ASP源碼掃描並修正程式碼即可解決
Microsoft IIS httpdVersion: 7.5 Port 443
Microsoft IIS httpdVersion: 7.5 Port 80
| City | Taipei |
|---|---|
| Country | Taiwan |
| Organization | Taiwan Academic Network |
| ISP | Ministry of Education Computer Center |
| Last Update | 2020-03-21T22:19:09.329708 |
| ASN | AS1659 |
Web Technologies
IIS\;confidence:50
jQuery
Microsoft ASP.NET
YouTubeVulnerabilities
Note: the device may not be impacted by all of these issues. The vulnerabilities are implied based on the software and version.
| CVE-2010-1899 | Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability." |
|---|---|
| CVE-2010-2730 | Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability." |
| CVE-2010-3972 | Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information. |
| CVE-2012-2531 | Microsoft Internet Information Services (IIS) 7.5 uses weak permissions for the Operational log, which allows local users to discover credentials by reading this file, aka "Password Disclosure Vulnerability." |
| CVE-2012-2532 | Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) processes unspecified commands before TLS is enabled for a session, which allows remote attackers to obtain sensitive information by reading the replies to these commands, aka "FTP Command Injection Vulnerability." |
| CVE-2010-1256 | Unspecified vulnerability in Microsoft IIS 6.0, 7.0, and 7.5, when Extended Protection for Authentication is enabled, allows remote authenticated users to execute arbitrary code via unknown vectors related to "token checking" that trigger memory corruption, aka "IIS Authentication Memory Corruption Vulnerability." |
沒有留言:
張貼留言
注意:只有此網誌的成員可以留言。