| Ãë¾àÁ¡ID |
21146 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç À¥¼¹ö¿¡ '/scripts/visadmin.exe' CGI°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù.
OmniHTTPD´Â MS Windows Ç÷§ÆûÀ» À§ÇÑ Omnicron¿¡ ÀÇÇØ Á¦°øµÈ À¥¼¹öÀÌ´Ù. ÀÌ À¥¼¹ö¿¡ ±âº»ÀûÀ¸·Î µþ·Á¼ ¼³Ä¡µÇ´Â CGI À¯Æ¿¸®Æ¼ ÁßÀÇ ÇϳªÀÎ '/scripts/visadmin.exe'¿¡ ¹ö±×°¡ Æ÷ÇԵǾî ÀÖÀ¸¸ç ÀÌ ¹ö±×¸¦ ÀÌ¿ëÇϸé ÇØ´ç À¥¼¹ö¿¡ ¼ºñ½º°ÅºÎ °ø°ÝÀ» ¼öÇàÇÒ ¼ö ÀÖ´Ù. 'visadmin.exe'À» ´ÙÀ½°ú °°ÀÌ ¼öÇàÇÏ¸é ±×·± Çö»óÀÌ ¹ß»ýÇÑ´Ù.
http://omni.server/scripts/visadmin.exe?user=guest
±×·¯¸é Çϵåµð½ºÅ©°¡ ²Ë Âû¶§±îÁö Àӽà ÆÄÀϵéÀÌ »ý±ä´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
OmniHTTPD À¥¼¹ö |
| ÇØ°áÃ¥ |
/scripts À¸·ÎºÎÅÍ visadmin.exe ÆÄÀÏÀ» »èÁ¦ÇÑ´Ù.
¡Ø Âü°í : Omnicron OmniHTTPDÀÇ 2.0 Alpha 2 release¿¡ ÀÌ ¹®Á¦°¡ fixµÈ °ÍÀ¸·Î º¸ÀδÙ. |
| °ü·Ã URL |
CVE-1999-0970 (CVE) |
| °ü·Ã URL |
1808 (SecurityFocus) |
| °ü·Ã URL |
2271 (ISS) |
|
