| Ãë¾àÁ¡ID |
22036 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
ÇØ´ç Microsoft IIS 4.0/5.0 ¼¹ö´Â Attacker°¡ ¿ø°ÝÀ¸·Î ¾×¼¼½º µÇ¾î¼´Â ¾ÈµÉ À¥¼¹ö ½ÇÇà ÇÁ·Î±×·¥µé¿¡ ´ëÇÑ ¼Ò½ºÄڵ带 ºÎºÐÀûÀ¸·Î Àо ¼ö ÀÖ°Ô ÇØ ÁØ´Ù. ÀÌ°ÍÀº ¾Ë·ÁÁø .asp (ȤÀº .asa, .ini, µîµî) ÆÄÀÏ¿¡ ´ëÇÑ Request¿¡ "+.htr" ȤÀº "%3F+.htr"À» µ¡ºÙÀÓÀ¸·Î½á °¡´ÉÇѵ¥, ÆÄÀϵéÀÌ .HTR ISAPI È®Àå¿¡ ÀÇÇØ Çؼ®µÇ´Â °úÁ¤¿¡¼ º¸¾È»óÀÇ ¹®Á¦°¡ ¹ß»ýÇÑ´Ù. ÀÌ Ãë¾àÁ¡Àº ".HTRÀ» °æÀ¯ÇÑ ÆÄÀÏ Á¶°¢ Àбâ" Ãë¾àÁ¡ÀÇ º¯Á¾À¸·Î ºÒ¸°´Ù.
* Âü°í »çÀÌÆ®:
http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
http://www.iss.net/security_center/static/5903.php |
| ÇØ°áÃ¥ |
6.0 ¹öÀü ÀÌ»óÀÇ IIS·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2001-0004 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
