FIX: ISA 2006 blocks web publishing requests for URLs that include carriage returns (CR) or linefeeds (LF)

Article ID: 2622172
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect the computer.

SYMPTOMS

Consider the following scenario:
  • You publish a website through Microsoft Internet Security and Acceleration (ISA) Server 2006 by using forms-based authentication.
  • You access the website by using a URL that contains an escaped carriage return ("%0D") or an escaped linefeed ("%0A").

In this scenario, ISA Server 2006 blocks access to the URL. Additionally, the ISA Web Proxy logs display a result code of 12232 for the denied request.

Note This result code may also be logged for other issues. The logged URL has to be examined for %0a or %0d characters to determine whether this is the issue that you are experiencing.
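
The triage that the note describes, as an added example (not part of the Microsoft article): it separates 12232 denials whose logged URL contains %0a or %0d from 12232 denials logged for other reasons. The tab-separated W3C layout and the field names cs-uri and sc-status are assumptions about how the Web Proxy log is stored, and the log lines are constructed.

```python
import re

# Result code the article says ISA logs for the denied request.
DENIED_RESULT_CODE = "12232"
# Escaped CR / LF as they appear in a logged URL; hex digits may be either case.
ESCAPED_NEWLINE = re.compile(r"%0[ad]", re.IGNORECASE)

# Constructed sample in W3C extended format (tab-separated, "#Fields:" header).
# The column names cs-uri and sc-status are assumptions about the log layout.
SAMPLE_LOG = "\n".join([
    "#Software: constructed sample",
    "#Fields: date\ttime\tc-ip\tcs-uri\tsc-status",
    "2011-09-20\t10:01:02\t192.0.2.10\thttp://app.example.test/cq/main?cmd=view%0D%0Aid=7\t12232",
    "2011-09-20\t10:01:05\t192.0.2.11\thttp://app.example.test/cq/login\t12232",
    "2011-09-20\t10:01:09\t192.0.2.10\thttp://app.example.test/cq/main?note=a%0ab\t200",
    "2011-09-20\t10:02:00\t192.0.2.12\thttp://app.example.test/cq/x%0a\t12232",
])


def triage_denied_requests(log_text, uri_field="cs-uri", status_field="sc-status"):
    """Split requests denied with 12232 into newline-related and unrelated ones."""
    fields = []
    newline_hits, other_denials = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The header may be re-emitted mid-file; always use the latest one.
            fields = line[len("#Fields:"):].strip().split("\t")
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split("\t")))
        if row.get(status_field) != DENIED_RESULT_CODE:
            continue  # allowed requests are not part of this triage
        uri = row.get(uri_field, "")
        (newline_hits if ESCAPED_NEWLINE.search(uri) else other_denials).append(uri)
    return newline_hits, other_denials


if __name__ == "__main__":
    hits, others = triage_denied_requests(SAMPLE_LOG)
    print("12232 with escaped CR/LF:", hits)
    print("12232 for some other reason:", others)
```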

CAUSE

This issue occurs because the forms-based authentication filter specifically blocks known cross-site scripting and related attacks. In this case, the filter is blocking response splitting attacks, which also include carriage returns or linefeeds. However, valid URLs may also include these characters. For example, the legitimate IBM application Clearquest is known to use carriage returns or linefeeds in its URLs.

RESOLUTION

To resolve this issue, install the ISA Server 2006 hotfix rollup package that is described in the following Microsoft Knowledge Base article:
2616326 Description of the ISA Server 2006 hotfix package: September 2011

MORE INFORMATION

Warning This workaround may make a computer or a network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement it at your own discretion. Use this workaround at your own risk.

The following script disables the default behavior in ISA Server 2006 Service Pack 1 and lets ISA Server allow URLs that contain carriage returns (CR) or linefeeds (LF). To use this script, follow these steps.

Important Disabling this default behavior of ISA Server 2006 SP1 (to accommodate such applications) may also enable ISA Server to allow URLs that are specially crafted for "cross-site request forgery" attacks when ISA Server uses forms-based authentication.
  1. Start Notepad.
  2. Paste the following code into a new document.
    Const SE_VPS_GUID = "{143F5698-103B-12D4-FF34-1F34767DEabc}"
    Const SE_VPS_NAME = "AllowNewlineInURL"
    Const SE_VPS_VALUE = true
     
    Sub SetValue()
     
        ' Create the root object.
        Dim root  ' The FPCLib.FPC root object
        Set root = CreateObject("FPC.Root")
     
        'Declare the other objects needed.
        Dim array       ' An FPCArray object
        Dim VendorSets  ' An FPCVendorParametersSets collection
        Dim VendorSet   ' An FPCVendorParametersSet object
     
        ' Get references to the array object
        ' and to its vendor parameters sets collection.
        Set array = root.GetContainingArray
        Set VendorSets = array.VendorParametersSets
     
        On Error Resume Next
        Set VendorSet = VendorSets.Item( SE_VPS_GUID )
     
        If Err.Number <> 0 Then
            Err.Clear
     
            ' Add the item
            Set VendorSet = VendorSets.Add( SE_VPS_GUID )
            CheckError
            WScript.Echo "New VendorSet added... " & VendorSet.Name
     
        Else
            WScript.Echo "Existing VendorSet found... value- " &  VendorSet.Value(SE_VPS_NAME)
        End If
     
        If VendorSet.Value(SE_VPS_NAME) <> SE_VPS_VALUE Then
     
            Err.Clear
            VendorSet.Value(SE_VPS_NAME) = SE_VPS_VALUE
     
            If Err.Number <> 0 Then
                CheckError
            Else
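                ' Save, and test Err before CheckError clears it, so that
                ' "saved!" is reported only when the save succeeded.
                VendorSets.Save false, true
     
                If Err.Number <> 0 Then
                    CheckError
                Else
                    WScript.Echo "Done with " & SE_VPS_NAME & ", saved!"
                End If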
            End If
        Else
            WScript.Echo "Done with " & SE_VPS_NAME & ", no change!"
        End If
     
    End Sub
     
    Sub CheckError()
     
        If Err.Number <> 0 Then
            WScript.Echo "An error occurred: 0x" & Hex(Err.Number) & " " & Err.Description
            Err.Clear
        End If
     
    End Sub
     
    SetValue
  3. On the File menu, click Save As, and then save the file as AllowNewlineInURL.vbs.
  4. At a command prompt, type the following command, and then press Enter:
    cscript AllowNewlineInURL.vbs
To revert to the default behavior in ISA Server 2006 Service Pack 1, which blocks URLs that may contain cross-site request forgery attacks when you use forms-based authentication, follow these steps:
  1. Start Notepad, and then open the AllowNewlineInURL.vbs script.
  2. Locate the following line of code in the script.
    Const SE_VPS_VALUE = true
    
  3. Change the code to the following line:
    Const SE_VPS_VALUE = false
    
  4. On the File menu, click Save.
  5. At a command prompt, type the following command, and then press Enter:
    cscript AllowNewlineInURL.vbs

STATUS

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

REFERENCES

For more information about software update terminology, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates

Properties

Article ID: 2622172 - Last Review: October 6, 2011 - Revision: 2.0
Applies to
  • Microsoft Internet Security and Acceleration Server 2006 Service Pack 1, when used with:
    • Microsoft Internet Security and Acceleration Server 2006 Enterprise Edition
    • Microsoft Internet Security and Acceleration Server 2006 Standard Edition
Keywords:
kbfix kbqfe kbexpertiseadvanced kbsurveynew kbhotfixserver kbhotfixrollup kbmt KB2622172 KbMtvi