
Test ID: 1.3.6.1.4.1.25623.1.0.10936
Category: Web Servers
Title: Microsoft Internet Information Services (IIS) Multiple Vulnerabilities (MS02-018) - Active Check
Summary: Microsoft Internet Information Services (IIS) is prone to multiple vulnerabilities.
Description:
Summary:
Microsoft Internet Information Services (IIS) is prone to
multiple vulnerabilities.

Vulnerability Insight:
This IIS server appears to be vulnerable to one of the cross-site
scripting (XSS) attacks described in MS02-018:

The default '404' file returned by IIS uses scripting to output a link to the top-level domain part of
the URL requested. By crafting a particular URL it is possible to insert arbitrary script into the
page for execution.

Solution:
The vendor has released an update. Please see the references
for more information.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2002-0079
BugTraq ID: 4485
http://www.securityfocus.com/bid/4485
Bugtraq: 20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
http://marc.info/?l=bugtraq&m=101846993304518&w=2
http://www.cert.org/advisories/CA-2002-09.html
CERT/CC vulnerability note: VU#610291
http://www.kb.cert.org/vuls/id/610291
Cisco Security Advisory: 20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Microsoft Security Bulletin: MS02-018
https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25
http://www.iss.net/security_center/static/8795.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0147
BugTraq ID: 4490
http://www.securityfocus.com/bid/4490
CERT/CC vulnerability note: VU#669779
http://www.kb.cert.org/vuls/id/669779
http://www.osvdb.org/3301
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A72
http://www.iss.net/security_center/static/8796.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0150
BugTraq ID: 4476
http://www.securityfocus.com/bid/4476
CERT/CC vulnerability note: VU#454091
http://www.kb.cert.org/vuls/id/454091
http://www.osvdb.org/3316
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39
http://www.iss.net/security_center/static/8797.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0149
BugTraq ID: 4478
http://www.securityfocus.com/bid/4478
CERT/CC vulnerability note: VU#721963
http://www.kb.cert.org/vuls/id/721963
http://www.osvdb.org/3320
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95
http://www.iss.net/security_center/static/8798.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0071
@stake Security Advisory: A041002-1
http://www.atstake.com/research/advisories/2002/a041002-1.txt
BugTraq ID: 4474
http://www.securityfocus.com/bid/4474
Bugtraq: 20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
http://marc.info/?l=bugtraq&m=101854087828265&w=2
CERT/CC vulnerability note: VU#363715
http://www.kb.cert.org/vuls/id/363715
http://www.osvdb.org/3325
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45
http://www.iss.net/security_center/static/8799.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0072
BugTraq ID: 4479
http://www.securityfocus.com/bid/4479
Bugtraq: 20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
http://marc.info/?l=bugtraq&m=101853851025208&w=2
CERT/CC vulnerability note: VU#521059
http://www.kb.cert.org/vuls/id/521059
http://www.osvdb.org/3326
http://www.iss.net/security_center/static/8800.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0073
BugTraq ID: 4482
http://www.securityfocus.com/bid/4482
Bugtraq: 20020417 Microsoft FTP Service STAT Globbing DoS
http://marc.info/?l=bugtraq&m=101901273810598&w=2
CERT/CC vulnerability note: VU#412203
http://www.kb.cert.org/vuls/id/412203
http://www.digitaloffense.net/msftpd/advisory.txt
http://www.osvdb.org/3328
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35
http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
http://www.iss.net/security_center/static/8801.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0074
BugTraq ID: 4483
http://www.securityfocus.com/bid/4483
Bugtraq: 20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
http://seclists.org/bugtraq/2002/Apr/0126.html
CERT/CC vulnerability note: VU#883091
http://www.kb.cert.org/vuls/id/883091
http://www.cgisecurity.com/advisory/9.txt
http://www.osvdb.org/3338
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46
http://www.iss.net/security_center/static/8802.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0148
BugTraq ID: 4486
http://www.securityfocus.com/bid/4486
Bugtraq: 20020410 IIS allows universal CrossSiteScripting
CERT/CC vulnerability note: VU#886699
http://www.kb.cert.org/vuls/id/886699
http://www.osvdb.org/3339
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92
http://www.iss.net/security_center/static/8803.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0075
BugTraq ID: 4487
http://www.securityfocus.com/bid/4487
Bugtraq: 20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
http://marc.info/?l=bugtraq&m=101854677802990&w=2
CERT/CC vulnerability note: VU#520707
http://www.kb.cert.org/vuls/id/520707
http://www.osvdb.org/3341
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58
http://www.iss.net/security_center/static/8804.php
Common Vulnerability Exposure (CVE) ID: CVE-2002-0224
BugTraq ID: 4006
http://www.securityfocus.com/bid/4006
Bugtraq: 20020131 msdtc on 3372
http://online.securityfocus.com/archive/1/253360
Bugtraq: 20020419 KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
http://online.securityfocus.com/archive/1/268593
http://www.iss.net/security_center/static/8046.php
Copyright: Copyright (C) 2002 Matt Moore
