| Ãë¾àÁ¡ID |
21167 |
| À§Çèµµ |
20 |
| Æ÷Æ® |
80, ¡¦ |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
Musket EmpowerÀÇ CGI µ¥ÀÌÅͺ£À̽º ½ºÅ©¸³Æ®°¡ ¼³Ä¡µÇ¾î ÀÖ´Ù. À¥¼¹ö¿¡ ´ÙÀ½°ú °°Àº Request¸¦ º¸³¿À¸·Î½á À¥ÀÇ °¡»ó µð·ºÅ丮¿¡ ´ëÇÑ ½ÇÁ¦ À§Ä¡¸¦ ã¾Æ³¾ ¼ö ÀÖ´Ù.
GET /cgi-bin/empower?DB=whatever HTTP/1.0
À§ÀÇ °á°ú·Î½á ¿ÜºÎ »ç¿ëÀÚ´Â ½ÇÁ¦ µ¥ÀÌÅͺ£À̽º Path¸¦ º¸¿©Áö´Â ¿¡·¯ ¸Þ½ÃÁö¸¦ ¾òÀ» ¼ö ÀÖ´Ù. ÀÌ´Â AttackÀ» À§ÇÑ ÁÁÀº ÀÚ·á°¡ µÉ ¼ö ÀÖ´Ù.
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Web Server |
| ÇØ°áÃ¥ |
°¡´ÉÇϸé ÃֽŠ¹öÀüÀÇ CGI¸¦ ±¸ÇÏ¿© ¾÷±×·¹À̵åÇÑ´Ù. |
| °ü·Ã URL |
CVE-2001-0224 (CVE) |
| °ü·Ã URL |
2374 (SecurityFocus) |
| °ü·Ã URL |
6093 (ISS) |
|
