| Ãë¾àÁ¡ID |
22442 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
ÇØ´ç Adobe Macromedia ColdFusion ¼ÒÇÁÆ®¿þ¾î´Â User-Agent HTTP Çì´õ¸¦ ÅëÇÑ Cross-Site Scripting °ø°Ý¿¡ Ãë¾àÇÏ´Ù. Adobe ColdFusion MX 6.x ±×¸®°í 7.x ¹öÀüµéÀº µ¿Àû ÄÜÅÙÆ®¸¦ »ý¼ºÇÏ´Â ¹æ½ÄÀÇ ¿¡·¯ ÆäÀÌÁö¸¦ ÀÌ¿ëÇϱâ Àü¿¡ User-Agent HTTP Çì´õ·ÎÀÇ »ç¿ëÀÚ°¡ Á¦°øÇÑ ÀԷ¿¡ ´ëÇÑ ºÎÀûÀýÇÑ °ËÁõÀ¸·Î ÀÎÇÏ¿©, Cross-Site Scripting Ãë¾àÁ¡¿¡ Ãë¾àÇÏ´Ù. ¿ø°ÝÁöÀÇ °ø°ÝÀÚ´Â User-Agent HTTP Çì´õ¸¦ ÀÌ¿ëÇÏ¿© ÀÌ Ãë¾àÁ¡À» µµ¿ëÇÒ ¼ö ÀÖÀ¸¸ç, ¿µÇâÀ» ¹Þ´Â À¥ »çÀÌÆ®ÀÇ È¯°æ ÇÏ¿¡¼ »ç¿ëÀÚ ºê¶ó¿ìÀú¿¡ ÀÇÇØ ÀÓÀÇÀÇ ½ºÅ©¸³Æà Äڵ尡 ½ÇÇàµÇ¾î Áöµµ·Ï ÇÒ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.securityfocus.com/archive/1/459178/30/0/threaded
http://securitytracker.com/alerts/2007/Feb/1017645.html
http://secunia.com/advisories/24115
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Adobe Systems Incorporated, ColdFusion MX 6.x
Adobe Systems Incorporated, ColdFusion MX 7.x
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
´ÙÀ½ Adobe Security bulletin APSB07-04¸¦ ÂüÁ¶ÇÏ¿© ColdFusion MX 7.X ȤÀº ColdFusion MX 6.X¸¦ À§ÇÑ ÆÐÄ¡¸¦ Àû¿ëÇÏ¿©¾ß ÇÑ´Ù:
http://www.adobe.com/support/security/bulletins/apsb07-04.html |
| °ü·Ã URL |
CVE-2007-0817 (CVE) |
| °ü·Ã URL |
22401 (SecurityFocus) |
| °ü·Ã URL |
32438 (ISS) |
|
