Vulnerability ID |
210109 |
Risk level |
30 |
Port |
80, ... |
Protocol |
TCP |
Category |
CGI |
Detailed description |
This Sun Java System Web Server is affected by a cross-site scripting vulnerability in the search module. Sun Java System Web Server 6.1 before SP9 and 7.0 before Update 2 are vulnerable to cross-site scripting because user-supplied input passed to the search module's lib/webapps/search/index.jps script is not properly validated. The vulnerability allows a remote attacker to craft a malicious link to the vulnerable application that contains malicious HTML and script code. If the link is followed, the malicious code may execute in the victim's web browser. It runs with the security privileges of the affected web site and may allow theft of cookie-based authentication credentials or enable other attacks.
* References: http://download.oracle.com/sunalerts/1018981.1.html http://www.securitytracker.com/id?1019987 http://secunia.com/advisories/30133
* Affected platforms: Sun, Java System Web Server 6.1 HP UX; Sun, Java System Web Server 6.1 AIX; Sun, Java System Web Server 6.1 Linux; Sun, Java System Web Server 6.1 X86; Sun, Java System Web Server 6.1 Windows; Sun, Java System Web Server 6.1 SPARC; Sun, Java System Web Server 7.0 HP UX; Sun, Java System Web Server 7.0 X86; Sun, Java System Web Server 7.0 Linux; Sun, Java System Web Server 7.0 Windows; Sun, Java System Web Server 7.0 SPARC; Sun, Java System Web Server 7.0 Update2 |
Solution |
Apply the patch appropriate for your system, available from the following site: http://download.oracle.com/sunalerts/1018981.1.html |
Related URL |
CVE-2008-2166 (CVE) |
Related URL |
29087 (SecurityFocus) |
Related URL |
42263 (ISS) |
|