Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Microsoft Internet Information Services
Опубликовано:16 сентября 2010 г.
Источник:
SecurityVulns ID:11145
Тип:удаленная
Уровень опасности:
9/10
Описание:Обход аутентификации, переполнение буфера, DoS.
Затронутые продукты:MICROSOFT : Windows XP
 MICROSOFT : Windows 2003 Server
 MICROSOFT : Windows Vista
 MICROSOFT : Windows 2008 Server
 MICROSOFT : Windows 7
CVE:CVE-2010-2731 (Unspecified vulnerability in Microsoft Internet Information Services (IIS) 5.1 on Windows XP SP3, when directory-based Basic Authentication is enabled, allows remote attackers to bypass intended access restrictions and execute ASP files via a crafted request, aka "Directory Authentication Bypass Vulnerability.")
 CVE-2010-2730 (Buffer overflow in Microsoft Internet Information Services (IIS) 7.5, when FastCGI is enabled, allows remote attackers to execute arbitrary code via crafted headers in a request, aka "Request Header Buffer Overflow Vulnerability.")
 CVE-2010-1899 (Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability.")
Оригинальный текстdocumentMICROSOFT, Microsoft Security Bulletin MS10-065 - Important Vulnerabilities in Microsoft Internet Information Services (IIS) Could Allow Remote Code Execution (2267960) (16.09.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород