Vulnerability ID |
21507 |
Risk level |
40 |
Port |
80, ... |
Protocol |
TCP |
Category |
CGI |
Detailed description |
The host is running TikiWiki version 1.8.1 or earlier. Tiki CMS/Groupware (TikiWiki) is a freely available Content Management System (CMS) and groupware written in PHP. TikiWiki versions 1.8.1 and earlier are affected by multiple vulnerabilities. These vulnerabilities may allow a remote attacker to carry out a variety of attacks, such as path disclosure, Cross-Site Scripting, HTML injection, SQL injection, directory traversal, and arbitrary file upload.
* Note: To test for these vulnerabilities, this check only verifies the version information of the TikiWiki installation on the web server. It may therefore produce false positives.
* References: http://archives.neohapsis.com/archives/bugtraq/2004-04/0137.html http://tikiwiki.org/tiki-read_article.php?articleId=66
* Affected platforms: Open-Source, TikiWiki versions 1.8.1 and earlier, all operating systems, all versions |
Solution |
Upgrade to the latest version of TikiWiki (1.8.2 or later), available from the TikiWiki download site at http://tikiwiki.org/Download |
Related URL |
CVE-2004-1923,CVE-2004-1924,CVE-2004-1925,CVE-2004-1926,CVE-2004-1927 (CVE) |
Related URL |
10100 (SecurityFocus) |
Related URL |
15845,15846,15847,15848,15849 (ISS) |
|