Features
-
License:
Free
-
Editor's Rating:
Not rated
- Average User Rating:
-
Downloads:
2,083
- Operating Systems:
Windows NT
- Additional Requirements:
Windows NT 4.0, Internet Information Server 4.0
- Limitations:
No limitations
- Date Added:
November 08, 2000
-
Previous Versions:
Publisher's description of Microsoft IIS4 "Cross-Site Scripting" Vulnerability Patch
From Microsoft:This patch eliminates security vulnerabilities in the Microsoft Internet Information Server. The vulnerabilities could allow a malicious Web site operator to misuse another Web site as a means of attacking users. This vulnerability, known as Cross-Site Scripting (CSS), results when Web applications don't properly validate inputs before using them in dynamic Web pages. If malicious Web site operators were able to lure a user to their site, and had identified a third-party Web site that was vulnerable to CSS, they could potentially use the vulnerability to ""inject"" script into a Web page created by the other Web site, which would then be delivered to the user. The net effect would be to cause the malicious user's script to run on the user's machine. The vulnerability can affect any software that runs on a Web server, accepts user input, and blindly uses it to generate Web pages. Microsoft recommends that all vendors check their products to see if any are affected by the vulnerability, and initiated a check of its own products, as well. Several features in IIS were found to be affected--some were found by Microsoft internal teams, and others were identified by customers--and this patch eliminates all of them.
Read the FAQ for more information.
- See more CNET content tagged:
- CSS,
- Microsoft Corp.,
- Microsoft IIS Server,
- XSS,
- vulnerability
More popular Corporate Security Software downloads
- 532 downloads 1. McAfee Total Protection for Small Business
- 368 downloads 2. Activity Monitor
- 314 downloads 3. Wireshark
- 299 downloads 4. Trend Micro OfficeScan Managed Antivirus
- 292 downloads 5. Ping Tester Pro
- See all Corporate Security Software downloads
User reviews
Write your own review Be the first one to review Microsoft IIS4 "Cross-Site Scripting" Vulnerability Patch (MS00-060) and share your experience with the CNET community!
Previous versions: See all user reviews
Submit your review
You must be 13 years of age or older to submit personal information to CNET Networks. In compliance with the Children's Online Privacy Protection Act of 1998, CNET Networks does not accept name and e-mail address information from users who are under 13 years of age.
All submitted ratings and written comments become the sole property of CNET Networks, Inc. (CNET) and may be used at CNET Networks' sole discretion. Ratings and written comments are generally posted within two to four business days in batch groups, not in real time. However, CNET Networks reserves the right to remove or refuse to post any submission for any reason. You acknowledge that you, not CNET Networks, are responsible for the contents of your submission.
CNET Networks is not responsible for the content of the publisher's descriptions or user reviews on this site. We encourage you to determine whether this product or your intended use is legal. We do not encourage or condone the use of any software in violation of applicable laws. CNET Download.com does not sell, resell, or license any of the products listed on the site. We cannot be held liable for issues that arise from the download or use of these products.
