| Ãë¾àÁ¡ID |
21139 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ '/scripts/cpshost.dll' ÆÄÀÏÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù.
IIS ¹öÀü 4¿Í ÇÔ²² ¼³Ä¡µÈ MS Site Server ¹öÀü 2.0¿¡´Â µðÆúÆ® »ç¿ëÀÚ µð·ºÅ丮 Æ۹̼ÇÀ¸·Î EVERYBODY ±×·ì¿¡°Ô change ±ÇÇÑÀ» Çã¿ëÇÏ°í ÀÖ´Ù. ÀÌ Ãë¾àÁ¡Àº ¿ÜºÎÀÇ »ç¿ëÀÚ°¡ ¼¹ö³»ÀÇ »ç¿ëÀÚ Æú´õ¸¦ ¾×¼¼½ºÇÒ ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. Attacker´Â PUT ¸í·ÉÀ» ÀÌ¿ëÇÏ¿© ÆäÀÌÁö¿¡ ³»¿ëÀ» UploadÇÏ°í ¿ø°ÝÀ¸·Î ¸í·ÉµéÀ» ½ÇÇà½Ãų ¼ö ÀÖ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Microsoft IIS Server |
| ÇØ°áÃ¥ |
1. Site Server°¡ ÇÊ¿äÇÏÁö ¾Ê´Ù¸é /scripts µð·ºÅ丮·Î ºÎÅÍ ´ÙÀ½°ú °°Àº ÆÄÀϵéÀ» »èÁ¦ÇØ¾ß ÇÑ´Ù:
cpshost.dll
uploadn.asp
uploadx.asp
upload.asp
repost.asp
postinfo.asp
2. Anonymous ÀÎÅÍ³Ý °èÁ¤¿¡ ´ëÇØ ÆÄÀϽýºÅÛ¿¡ ¾²±â±ÇÇÑÀ» ¾ø¾Ö¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-1999-0360 (CVE) |
| °ü·Ã URL |
1811 (SecurityFocus) |
| °ü·Ã URL |
5384 (ISS) |
|
