| Ãë¾àÁ¡ID |
22027 |
| À§Çèµµ |
20 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
ÇØ´ç ColdFusion ¼¹ö´Â Á¤º¸ ³ëÃâ Ãë¾àÁ¡À» °¡Áö°í ÀÖ´Ù. (GET /index.cfm?Mode=debug¿Í °°ÀÌ) ¿äûÀÇ ³¡ºÎºÐ¿¡ '?Mode=debug' ¸¦ µ¡ºÙÀÓÀ¸·Î½á ColdFusionÀÇ Debug Á¤º¸¸¦ º¼ ¼ö ÀÖ´Ù.
ColdFusionÀÇ 4.5¿Í 5.0, ȤÀº ±× ÀÌÀü ¹öÀüµéÀÌ Ãë¾àÇÏ´Ù. Debug Á¤º¸´Â ´ë°³ 'Template Path' ȤÀº 'Server Version'°ú °°Àº Áß¿äÇÑ µ¥ÀÌÅ͵éÀÌ Æ÷ÇԵǾî ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.kb.cert.org/vuls/id/913704
http://www.iss.net/security_center/static/6792.php
http://cgi.nessus.org/plugins/dump.php3?id=10039 |
| ÇØ°áÃ¥ |
ColdFusion Admin¿¡ ÀÖ´Â Debug Settings¿¡ IP (¿¹¸¦µé¾î, 127.0.0.1)¸¦ ÀÔ·ÂÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
(CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
