| Vulnerability ID |
22113 |
| Risk level |
30 |
| Port |
8080, ... |
| Protocol |
TCP |
| Category |
Servlet |
| Detailed description |
This Apache Tomcat server is vulnerable to Cross Site Scripting attacks via requests for DOS device names. Apache Tomcat is the Servlet Container used in the official reference implementation for the Java Servlet and JavaServer Pages technologies. Requests for DOS device names can cause Tomcat to throw an exception, and in that case Tomcat allows Cross Site Scripting (XSS) attacks such as the following:
tomcat-server/COM2.IMG%20src='Javascript:alert(document.domain)'
(angle brackets omitted)
* References: http://www.securiteam.com/windowsntfocus/5KP0L007FI.html http://www.westpoint.ltd.uk/advisories/wp-02-0008.txt
Vulnerable platforms: * Apache Tomcat v4.0.3 * Windows NT/2000 * Linux |
| Solution |
Upgrade to Apache Tomcat v4.1.3 beta or later. |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
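
A defensive check for the request pattern described above, as an added example that is not part of the original entry: it scans access-log lines for request paths in which a segment names a DOS device and notes whether markup characters accompany it. The Common Log Format input, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Reserved DOS device names; a segment such as "COM2.IMG" still names the device.
DOS_DEVICE = re.compile(r"^(con|prn|aux|nul|com[1-9]|lpt[1-9])$", re.I)
# Markup or script hints that have no place in a request path.
MARKUP = re.compile(r"[<>'\"]|javascript:", re.I)
# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return None, 'device', or 'device+markup' for a request target."""
    path = unquote(target.split("?", 1)[0])
    for segment in path.split("/"):
        # "COM2.IMG src=..." -> base name "COM2" (text before the first dot)
        base = segment.split(".", 1)[0].strip()
        if DOS_DEVICE.match(base):
            return "device+markup" if MARKUP.search(path) else "device"
    return None

def scan(lines):
    """Yield (line_number, verdict, target) for every suspicious log line."""
    for number, line in enumerate(lines, 1):
        found = REQUEST.search(line)
        if found:
            verdict = classify(found.group(1))
            if verdict:
                yield number, verdict, found.group(1)

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jul/2002:10:00:01 +0000] "GET /index.jsp HTTP/1.0" 200 512',
    "192.0.2.11 - - [01/Jul/2002:10:00:05 +0000] "
    "\"GET /COM2.IMG%20src='Javascript:alert(document.domain)' HTTP/1.0\" 500 1024",
    '192.0.2.12 - - [01/Jul/2002:10:00:09 +0000] "GET /aux.jsp HTTP/1.0" 500 900',
    '192.0.2.13 - - [01/Jul/2002:10:00:12 +0000] "GET /docs/computer.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for number, verdict, target in scan(SAMPLE_LOG):
        print(f"line {number}: {verdict}: {target}")
```

A "device" verdict alone is worth reviewing on Windows hosts; "device+markup" matches the request shape this entry describes.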