如何防止IIS可写权限漏洞
答案:2 悬赏:60 手机版
解决时间 2021-04-08 14:00
- 提问者网友:我的未来我做主
- 2021-04-08 04:09
如何防止IIS可写权限漏洞
最佳答案
- 五星知识达人网友:像个废品
- 2021-04-08 05:45
你的iis是6.0吧 没事升级到iis7
那个暂时只有大家喜欢用的伪静态规则 把asp;jpg这样的文件 重定向到一个页面
描述:
Microsoft IIS is prone to a security-bypass vulnerability.
This vulnerability may result in IIS interpreting unexpected files as CGI applications. Attackers may be able to exploit this vulnerability to bypass intended security restrictions.
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
解决方案: Apply associated Trend Micro DPI Rules.
过滤器标识号(IDF): 1003896
过滤器标题: 1003896 - Microsoft IIS Multiple Extension Processing Security Bypass
受感染软件和版本:
microsoft iis 5.0
microsoft iis 5.06
microsoft iis 5.1
microsoft iis 6.0
那个暂时只有大家喜欢用的伪静态规则 把asp;jpg这样的文件 重定向到一个页面
描述:
Microsoft IIS is prone to a security-bypass vulnerability.
This vulnerability may result in IIS interpreting unexpected files as CGI applications. Attackers may be able to exploit this vulnerability to bypass intended security restrictions.
Microsoft Internet Information Services (IIS) 5.x and 6.x uses only the portion of a filename before a ; (semicolon) character to determine the file extension, which allows remote attackers to bypass intended extension restrictions of third-party upload applications via a filename with a (1) .asp, (2) .cer, or (3) .asa first extension, followed by a semicolon and a safe extension, as demonstrated by the use of asp.dll to handle a .asp;.jpg file.
解决方案: Apply associated Trend Micro DPI Rules.
过滤器标识号(IDF): 1003896
过滤器标题: 1003896 - Microsoft IIS Multiple Extension Processing Security Bypass
受感染软件和版本:
microsoft iis 5.0
microsoft iis 5.06
microsoft iis 5.1
microsoft iis 6.0
全部回答
- 1楼网友:雾月
- 2021-04-08 05:51
我记得是 控制面板——管理工具——internet信息服务(如果安装上iis组件就会有这项)——双击打开找到默认站点——右击——属性——主目录 这里就有权限设置
我要举报
如以上问答信息为低俗、色情、不良、暴力、侵权、涉及违法等信息,可以点下面链接进行举报!
大家都在看
推荐资讯