Microsoft Windows WebDAV XML Message Handler Remote Denial of Service Vulnerability (MS04-030)
Release date: 2004-10-12
Updated: 2004-10-14
Affected systems:
Microsoft IIS 6.0
Microsoft IIS 5.1
Microsoft IIS 5.0
- Microsoft Windows 2000 Server SP4
- Microsoft Windows 2000 Server SP3
- Microsoft Windows 2000 Server SP2
- Microsoft Windows 2000 Server SP1
- Microsoft Windows 2000 Server
- Microsoft Windows 2000 Datacenter Server SP4
- Microsoft Windows 2000 Datacenter Server SP3
- Microsoft Windows 2000 Datacenter Server SP2
- Microsoft Windows 2000 Datacenter Server SP1
- Microsoft Windows 2000 Datacenter Server
- Microsoft Windows 2000 Advanced Server SP4
- Microsoft Windows 2000 Advanced Server SP3
- Microsoft Windows 2000 Advanced Server SP2
- Microsoft Windows 2000 Advanced Server SP1
- Microsoft Windows 2000 Advanced Server
Description:
BUGTRAQ ID: 11384
CVE(CAN) ID: CVE-2003-0718
Microsoft IIS supports WebDAV by default. WebDAV lets the server offer users remote file storage over HTTP.
The WebDAV component included in Microsoft IIS does not correctly handle specially crafted WebDAV requests. A remote attacker can exploit this to make WebDAV consume large amounts of memory and CPU time, resulting in a denial of service.
An attacker can craft a malicious WebDAV PROPFIND request that uses XML attributes, causing the XML parser to consume large amounts of memory and CPU time and resulting in a denial of service.
<*Source: Amit Klein (Amit.Klein@SanctumInc.com)
Link: http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx
*>
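Recommendations:
Workaround:
If you cannot install the patch or upgrade immediately, NSFOCUS recommends taking the following measures to reduce the threat:
* Disable the WebDAV service.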
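One way to check from IIS logs whether PROPFIND requests are still being served after the workaround is applied, as an added example that is not part of the original advisory. It assumes W3C extended logging with the `c-ip`, `cs-method`, `sc-status` and (optionally) `time-taken` fields enabled; the log lines and addresses below are constructed.

```python
from collections import defaultdict

# Constructed sample of an IIS W3C extended log (not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2004-10-13 08:00:00
#Fields: date time c-ip cs-method cs-uri-stem sc-status time-taken
2004-10-13 08:00:01 192.0.2.10 GET /index.htm 200 15
2004-10-13 08:00:02 192.0.2.77 PROPFIND /docs/ 207 9800
2004-10-13 08:00:03 192.0.2.77 PROPFIND /docs/ 207 12050
2004-10-13 08:00:04 192.0.2.10 PROPFIND /share/ 501 0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2004-10-13 09:00:00 192.0.2.77 PROPFIND / 207
"""

def propfind_summary(log_text):
    """Per client IP: PROPFIND count, status codes seen, total time-taken (ms)."""
    fields = []
    stats = defaultdict(lambda: {"count": 0, "statuses": set(), "ms": 0})
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the field list can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # truncated or malformed record
        row = dict(zip(fields, values))
        if row.get("cs-method", "").upper() != "PROPFIND":
            continue
        entry = stats[row.get("c-ip", "-")]
        entry["count"] += 1
        entry["statuses"].add(row.get("sc-status", "-"))
        taken = row.get("time-taken", "")
        if taken.isdigit():  # field is optional in W3C logging
            entry["ms"] += int(taken)
    return dict(stats)

def webdav_still_answering(summary):
    """Clients that received 207 Multi-Status, i.e. WebDAV processed the PROPFIND."""
    return sorted(ip for ip, e in summary.items() if "207" in e["statuses"])

if __name__ == "__main__":
    summary = propfind_summary(SAMPLE_LOG)
    for ip, e in sorted(summary.items()):
        print(ip, e["count"], sorted(e["statuses"]), e["ms"])
    print("207 seen for:", webdav_still_answering(summary))
```

A 207 Multi-Status entry logged after WebDAV was supposedly disabled means the WebDAV handler is still processing PROPFIND on that site.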
Vendor patch:
Microsoft
---------
Microsoft has released a security bulletin (MS04-030) and corresponding patches for this issue:
MS04-030:Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151)
Link: http://www.microsoft.com/technet/security/bulletin/MS04-030.mspx
Patch downloads:
Microsoft Windows 2000 Service Pack 3 and Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?FamilyId=D2C632A7-CD43-466C-A624-D841905CE181
Microsoft Windows XP and Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=6A338C59-3693-4A25-B823-431A5C21A4B7
Microsoft Windows XP 64-Bit Edition Service Pack 1
http://www.microsoft.com/downloads/details.aspx?FamilyId=0412A361-28C5-45F7-9853-BCDC9D7B2B97
Microsoft Windows XP 64-Bit Edition Version 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2
Microsoft Windows Server 2003
http://www.microsoft.com/downloads/details.aspx?FamilyId=81CE104D-5257-447C-A2CD-D4D149581D71
Microsoft Windows Server 2003 64-Bit Edition
http://www.microsoft.com/downloads/details.aspx?FamilyId=1F9CA027-B0B8-47DC-BB96-8709E3DB0DF2