Vulnerability ID: 22426
Risk level: 30
Port: 8880, ...
Protocol: TCP
Category: WWW
Detailed description: This WebSphere Application Server is vulnerable to a cross-site scripting vulnerability related to the SOAP port. IBM WebSphere Application Server is a product in IBM's WebSphere product family. IBM WebSphere Application Server versions 5.0.2 and earlier, 5.1.x before 5.1.1.12, and 6.0.2 through 6.0.2.7 are vulnerable to a cross-site scripting vulnerability in the 500 Internal Server Error page served on the SOAP port (8880/tcp). This SOAP port is enabled in a default WebSphere installation. A remote attacker can exploit this vulnerability to inject arbitrary web script, XML, or HTML via the URI (the URI is included in the FAULTACTOR tag of the returned error page).

* References:
http://www.securityfocus.com/archive/1/450704/30/0/threaded
http://www.niscc.gov.uk/niscc/docs/br-20061031-00728.html?lang=en
http://secunia.com/advisories/20032/

* Affected platforms:
IBM WebSphere Application Server versions prior to 5.0.2.17
IBM WebSphere Application Server 5.1.x versions prior to 5.1.1.12
IBM WebSphere Application Server 6.0.x versions prior to 6.0.2.9
Any operating system, any version
Solution: Apply the latest WebSphere Application Server Cumulative Fix Pack (5.0.2.17, 5.1.1.12, 6.0.2.9, or later), available from the following IBM Support & downloads web sites:

For IBM WebSphere Application Server 6.0.2 - apply Fix Pack 9 (6.0.2.9):
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg24012064

For IBM WebSphere Application Server 5.1.1 - apply Cumulative Fix 12 (5.1.1.12):
http://www-1.ibm.com/support/docview.wss?rs=180&uid=swg27004980

For IBM WebSphere Application Server 5.0.2 - no longer supported. Upgrade to the latest IBM WebSphere Application Server.
Related URL: CVE-2006-2431 (CVE)
Related URL: 17919 (SecurityFocus)
Related URL: 26561 (ISS)
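
The detailed description says the request URI is returned inside the FAULTACTOR tag of the 500 error page. The following is an added example, not part of the original entry and not IBM's code: it sketches that reflection pattern next to the escaped form and checks whether markup from the URI reaches the response as elements. The function names, the SOAP 1.1 fault layout and the sample URI are assumptions made for illustration.

```python
# Added illustration; not IBM's code. Names and fault layout are assumptions.
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"

FAULT_TEMPLATE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="' + SOAP_ENV + '">'
    "<SOAP-ENV:Body><SOAP-ENV:Fault>"
    "<faultcode>SOAP-ENV:Server</faultcode>"
    "<faultstring>Internal Server Error</faultstring>"
    "<faultactor>{actor}</faultactor>"
    "</SOAP-ENV:Fault></SOAP-ENV:Body></SOAP-ENV:Envelope>"
)


def build_fault_unescaped(request_uri):
    """Flawed pattern: the request URI is copied into the fault verbatim."""
    return FAULT_TEMPLATE.format(actor=request_uri)


def build_fault_escaped(request_uri):
    """Corrected pattern: &, < and > are escaped, so the URI stays text."""
    return FAULT_TEMPLATE.format(actor=escape(request_uri))


def injected_elements(fault_xml):
    """Return tag names of any elements nested inside <faultactor>.

    faultactor should hold only a URI as text, so a child element means
    markup from the request reached the page. Output that no longer parses
    is reported as ["<malformed>"], since it also indicates raw reflection.
    """
    try:
        root = ET.fromstring(fault_xml)
    except ET.ParseError:
        return ["<malformed>"]
    actor = root.find(".//faultactor")
    if actor is None:
        return ["<malformed>"]
    return [child.tag for child in actor.iter() if child is not actor]


# Constructed request URI carrying a harmless markup marker.
SAMPLE_URI = "/<b>constructed-marker</b>"

if __name__ == "__main__":
    for build in (build_fault_unescaped, build_fault_escaped):
        print(build.__name__, injected_elements(build(SAMPLE_URI)))
```

The same `injected_elements` check can be run over a captured error response from a test instance to confirm that a fix pack level escapes the URI.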