| Ãë¾àÁ¡ID |
21001 |
| À§Çèµµ |
20 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
IIS 4.0°ú 5.0 FrontPage extensions ÆÐÅ°Áö¿¡ ÀÖ´Â shtml.exe ÇÁ·Î±×·¥Àº ¿ÜºÎ attacker°¡ Á¸ÀçÇÏÁö ¾Ê´Â HTML, HTM, ASP, ±×¸®°í SHTML ÆÄÀϵéÀÇ ¿äû(request)¿¡ ´ëÇØ Á¸ÀçÇÏÁö ¾Ê´Â ÆÄÀϵéÀÇ full path·Î ¿¡·¯ ¸Þ¼¼Áö¸¦ º¸¿©Áֱ⠶§¹®¿¡ À¥¼¹öÀÇ physical path¸¦ ¾Ë·ÁÁÖ´Â Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.iss.net/security_center/static/4439.php
http://archives.neohapsis.com/archives/bugtraq/2000-05/0084.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Microsoft IIS 4.0
Microsoft IIS 5.0 |
| ÇØ°áÃ¥ |
2000³â 5¿ù ÇöÀç·Î½á´Â ÀÌ Ãë¾àÁ¡À» ¸·À» ¹æ¹ýÀÌ Á¦½ÃµÇ¾î ÀÖÁö ¾Ê´Ù. ÇÊ¿äÇÏÁö ¾Ê´Ù¸é Frontpage extentions¸¦ Á¦°ÅÇÏ´Â °ÍÀÌ ÁÁ´Ù. |
| °ü·Ã URL |
CVE-2000-0413 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
