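From: Lg (Creating a legendary life), Board: WinNT
Subject: [Repost] Microsoft Security Bulletin (MS99-022) (forwarded)
Posted at: Liyuan Chenfeng BBS (Tue Jul 6 13:29:16 1999), internal mail
[ The following text is reposted from Lg's mailbox ]
[ Originally posted by liugang.bbs@bbs.net.tsinghua.edu.cn ]
From: twist (Chubby Mouse ~ working hard to lose weight), Board: Security
Subject: Microsoft Security Bulletin (MS99-022)
Posted at: Shuimu Tsinghua BBS (Mon Jun 28 18:21:34 1999)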
The following is a Security Bulletin from the Microsoft Product Security
Notification Service.
Please do not reply to this message, as it was sent from an unattended
mailbox.
********************************
Microsoft Security Bulletin (MS99-022)
--------------------------------------
Patch Available for "Double Byte Code Page" Vulnerability
Originally Posted: June 24, 1999
Summary
=======
Microsoft has released a patch that eliminates a vulnerability in
Microsoft(r) Internet Information Server that could allow a web site
visitor to view the source code for selected files on the server, if the
server's default language is set to Chinese, Japanese or Korean.
Frequently asked questions regarding this vulnerability can be found
at http://www.microsoft.com/security/bulletins/MS99-022faq.asp
Issue
=====
When IIS is run on a machine on which a double-byte character set code page
is used (i.e., the default language on the server is set to Chinese,
Japanese, or Korean), and a specific URL construction is used to request a
file in a virtual directory, normal server-side processing is bypassed. As
a result, the file is simply delivered as text to the browser, thereby
allowing the source code to be viewed.
Affected Software Versions
==========================
- Microsoft Internet Information Server 3.0 and 4.0, if run on a server
whose default language is set to Chinese, Korean, or Japanese
Patch Availability
==================
- English: ftp://ftp.microsoft.com/bussys/iis/iis-public/
fixes/usa/security/fesrc-fix
- Simplified Chinese: ftp://ftp.microsoft.com/bussys/iis/iis-public/
fixes/chs/security/fesrc-fix
- Traditional Chinese: ftp://ftp.microsoft.com/bussys/iis/iis-public/
fixes/cht/security/fesrc-fix
- Japanese: ftp://ftp.microsoft.com/bussys/iis/iis-public/
fixes/jpn/security/fesrc-fix
- Korean: ftp://ftp.microsoft.com/bussys/iis/iis-public/
fixes/kor/security/fesrc-fix
NOTE: Line breaks have been inserted into the above URLs for readability.
NOTE: Apply the patch corresponding to the language version of IIS, rather
than the current default language on the server. For example, if you have
the English version of IIS but have reset the default language on the
server to Chinese, apply the English patch.
More Information
================
Please see the following references for more information related to this
issue.
- Microsoft Security Bulletin MS99-022: Frequently Asked Questions,
http://www.microsoft.com/security/bulletins/MS99-022faq.asp.
- Microsoft Knowledge Base (KB) article Q233335,
"Page Contents Visible When Certain Characters are at End of URL",
http://support.microsoft.com/support/kb/articles/q233/3/35.asp.
(Note: It may take 24 hours from the original posting of this bulletin
for the KB article to be visible; however, a copy will be immediately
available in the patch folder)
- Microsoft Security Advisor web site,
http://www.microsoft.com/security/default.asp.
- IIS Security Checklist,
http://www.microsoft.com/security/products/iis/CheckList.asp.
Obtaining Support on this Issue
===============================
This is a fully supported patch. Information on contacting Microsoft
Technical Support is available at
http://support.microsoft.com/support/contact/default.asp.
Revisions
=========
- June 24, 1999: Bulletin Created.
--
______ _ __
/_ __/_ __ (_) _____ / /_ Study hard
/ / | | /| / / / / / ___// __/
/ / | |/ |/ / / / (__ )/ /_ Lose weight every day
/_/ |__/|__/ /_/ /____/ \__/
※ Source: Shuimu Tsinghua BBS bbs.net.tsinghua.edu.cn [FROM: 162.105.138.50]
--
※ Reposted: Liyuan Chenfeng BBS bbs.szu.edu.cn [FROM: 210.39.3.82]