Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Microsoft Internet Information Server (IIS) 4.0 opens log files with FILE_SHARE_READ and FILE_SHARE_WRITE permissions, which could allow remote attackers to modify the log file contents while IIS is running.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多个厂商产品允许非特权用户修改日志文件漏洞
Vulnerability Description
多个厂商的应用软件包括(IIS 4.0和Norton Internet Security 2001)的日志文件属性设置不安全,允许拥有本地权限的非特权用户修改日志文件。 缺省情况下,微软的IIS4、IIS5将所有HTTP请求以W3C扩展日志文件格式存入文本文件中,该日志文件位于 %WinDir%\System32\LogFiles\W3SVC1目录下,每天都会创建一个日志文件。 WEB Server运行时,用户无法删除当天的日志文件,因为它被W3SVC服务锁定了。必须停止该服务才能删除当天的日志文件。 对
CVSS Information
N/A
Vulnerability Type
N/A