Ãë¾àÁ¡ID |
210076 |
À§Çèµµ |
30 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
CGI |
»ó¼¼¼³¸í |
ÇØ´ç Apache Tomcat ¼¹ö´Â Cross-Site Scripting °ø°Ý¿¡ Ãë¾àÇÑ 'cal2.jsp' ¿¹Á¦ ½ºÅ©¸³Æ®¸¦ °¡Áö°í ÀÖ´Ù. Apache Tomcat 4.0.0 - 4.0.6, 4.1.0 - 4.1.31, 5.0.0 - 5.0.30, ±×¸®°í 5.5.0 - 5.5.15´Â /jsp-examples/cal/cal2.jsp ±×¸®°í /examples/jsp/cal/cal2.jsp ¿¹Á¦ ½ºÅ©¸³Æ®µé·Î Àü´ÞµÈ »ç¿ëÀÚ°¡ Á¦°øÇÑ ÀԷ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ °ËÁõÀ¸·Î ÀÎÇÏ¿©, Cross-Site Scripting Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. ÀÌ Ãë¾àÁ¡Àº ¿ø°ÝÁöÀÇ °ø°ÝÀÚ°¡ ¾ÇÀÇÀûÀÎ HTML°ú ½ºÅ©¸³Æ® Äڵ带 Æ÷ÇÔÇÏ´Â Ãë¾àÇÑ ¾îÇø®ÄÉÀ̼ÇÀ¸·ÎÀÇ ¾ÇÀÇÀûÀÎ ¸µÅ©(link)¸¦ ¸¸µé°Ô ÇØ ÁÙ ¼ö ÀÖ´Ù. ¸¸¾à ÀÌ ¸µÅ©¸¦ µû¶ó°¡°Ô µÈ´Ù¸é ¾ÇÀÇÀûÀÎ Äڵ尡 Èñ»ýÀÚÀÇ À¥ ºê¶ó¿ìÀú¿¡¼ ½ÇÇàµÉ ¼ö ÀÖ´Ù. ÀÌ°ÍÀº ¿µÇâÀ» ¹Þ´Â À¥ »çÀÌÆ®ÀÇ º¸¾È ±ÇÇÑÀ» °¡Áö°í ÇàÇØÁö¸ç ÄíÅ° ±â¹ÝÀÇ ÀÎÁõ ½Å¿ëÁ¤º¸¸¦ »©³»°Å³ª ´Ù¸¥ °ø°ÝµéÀÇ ¼öÇàÀ» Çã¿ëÇÒ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®: http://tomcat.apache.org/security-4.html http://tomcat.apache.org/security-5.html http://www.securityfocus.com/archive/1/478491/30/0/threaded http://www.securityfocus.com/archive/1/478609/30/0/threaded
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: The Apache Software Foundation, Tomcat 4.0.0 - 4.0.6 The Apache Software Foundation, Tomcat 4.1.0 - 4.1.31 The Apache Software Foundation, Tomcat 5.0.0 - 5.0.30 The Apache Software Foundation, Tomcat 5.5.0 - 5.5.15 ¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
¸¸¾à ÇÊ¿äÇÏÁö ¾Ê´Ù¸é Tomcat ¿¹Á¦ À¥ ¾îÇø®ÄÉÀ̼ǵéÀ» Á¦°ÅÇÑ´Ù.
-- ȤÀº --
Apache Tomcat À¥ »çÀÌÆ®µéÀÎ http://tomcat.apache.org/security-4.html ȤÀº http://tomcat.apache.org/security-5.html ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache TomcatÀÇ °¡Àå ÃֽŠ¹öÀü(4.1.32 ȤÀº 5.5.16 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2006-7196 (CVE) |
°ü·Ã URL |
25531 (SecurityFocus) |
°ü·Ã URL |
34209 (ISS) |
|