| Ãë¾àÁ¡ID |
210097 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç Symantec LiveState Apache Tomcat ¼¹ö´Â FileUpload Ŭ·¡½º¿¡ ÀÖ´Â ÆÄÀÏ ¾÷·Îµå Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. Symantec Backup Exec System Recovery Manager (BESRM)´Â ¹é¾÷ °ü¸®ÀÚ ¼Ö·ç¼ÇÀÌ´Ù. Symantec Backup Exec System Recovery Manager 7.0°ú 7.1 ¹öÀüµéÀº Symantec LiveState Apache Tomcat ¼¹ö¿¡¼ ÀÛµ¿ÇÏ´Â FileUpload Ŭ·¡½º¿¡ ÀÖ´Â Ãë¾àÁ¡À¸·Î ÀÎÇÏ¿©, ¿ø°ÝÁöÀÇ °ø°ÝÀÚ°¡ ÀÓÀÇÀÇ JSP ÆÄÀϵéÀ» ¾÷·ÎµåÇÏ¿© ½ÇÇàÇÏ°Ô ÇØ ÁÙ ¼ö ÀÖ´Ù. ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â HTTP POST ¿äûÀ» ÀÌ¿ëÇÏ¿© ÀÓÀÇÀÇ JSP ÆÄÀÏÀ» ¾÷·ÎµåÇÏ°í ¿µÇâÀ» ¹Þ´Â ½Ã½ºÅÛ »ó¿¡¼ SYSTEM ±ÇÇÑÀ» °¡Áö°í ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÏ´Â ¹æ¹ýÀ¸·Î ÀÌ Ãë¾àÁ¡À» µµ¿ëÇÒ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.symantec.com/avcenter/security/Content/2008.02.04.html
http://www.zerodayinitiative.com/advisories/ZDI-08-003.html
http://securitytracker.com/alerts/2008/Feb/1019303.html
http://secunia.com/advisories/28787
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Symantec Backup Exec System Recovery Server 7.0
Symantec Backup Exec System Recovery Server 7.0.1
Microsoft Windows Any version |
| ÇØ°áÃ¥ |
Symantec À¥ »çÀÌÆ®ÀÎ https://fileconnect.symantec.com ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Symantec Backup Exec System Recovery ManagerÀÇ °¡Àå ÃֽŠ¹öÀü(7.0.3 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2008-0457 (CVE) |
| °ü·Ã URL |
27487 (SecurityFocus) |
| °ü·Ã URL |
40260 (ISS) |
|
