| Ãë¾àÁ¡ID |
21875 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
CGI |
| »ó¼¼¼³¸í |
ÇØ´ç Clever Copy´Â ¹öÀü 2.0a¿Í ±× ÀÌÀüÀÇ ¹öÀüµé¿¡ Á¸ÀçÇÏ´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. Clever Copy´Â PHP·Î Á¦ÀÛµÈ ¹«·á·Î »ç¿ë °¡´ÉÇÑ À¥ Æ÷ÅÐ ¹× ´º½º Æ÷½ºÆà ½Ã½ºÅÛÀÌ´Ù. Clever Copy ¹öÀü 2.0a¿Í ±× ÀÌÀüÀÇ ¹öÀüµéÀº ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. ÀÌ Ãë¾àÁ¡µéÀº ¿ø°ÝÁöÀÇ °ø°ÝÀÚ¿¡ ÀÇÇØ Cross-Site Scripting °ø°Ýµé°ú »çÀûÀÎ ¸Þ½ÃÁöµé¿¡ ´ëÇÑ ºñÀΰ¡µÈ ¾×¼¼½º¸¦ ¼öÇàÇϰųª ¹Î°¨ÇÑ Á¤º¸¸¦ ³ëÃâÇÏ´Â µ¥ µµ¿ëµÉ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://lostmon.blogspot.com/2005/07/clever-copy-calendarphp-yr-variable.html
http://lostmon.blogspot.com/2005/07/clever-copy-path-disclosure-and-xss.html
http://lostmon.blogspot.com/2005/07/clever-copy-unauthorized-read-delete.html
http://secunia.com/advisories/16236/
http://www.securitytracker.com/alerts/2005/Jul/1014485.html
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Clever Copy ¹öÀü 2.0a¿Í ±× ÀÌÀüÀÇ ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Clever Copy´Â ´õ ÀÌ»ó Áö¿øµÇÁö ¾Ê´Â´Ù. º¸¾ÈÀ» À§ÇØ ´Ù¸¥ ¼Ö·ç¼ÇÀ¸·Î ´ëüÇÒ °ÍÀ» ±Ç°íÇÑ´Ù. |
| °ü·Ã URL |
CVE-2005-2324,CVE-2005-2325,CVE-2005-2326 (CVE) |
| °ü·Ã URL |
14278,14395,14397 (SecurityFocus) |
| °ü·Ã URL |
21375,21617,21639 (ISS) |
|
