Release date: 2008-05-20
Updated: 2008-05-22
Affected systems:
IBM Lotus Domino 8.0
IBM Lotus Domino 7.0
IBM Lotus Domino 6.5
IBM Lotus Domino 6.0
IBM Lotus Domino
Description:
----------------------------------------------------------------------------
BUGTRAQ ID: 29310
CVE(CAN) ID: CVE-2008-2240
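Lotus Domino is an e-mail and clustering platform that combines e-mail, document databases, rapid application development technology and Web technology.
The code in the Lotus Domino Web server that handles HTTP headers contains a stack overflow vulnerability. The Accept Language field is taken directly from the HTTP headers of the request and then copied with the strcpy function into a fixed-length stack buffer, so a remote attacker can overwrite the stack buffer with an HTTP 1.1 request that uses the GET method, leading to the execution of arbitrary instructions.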
<*Source: M. Ruks
Links: http://secunia.com/advisories/30310/
http://www-1.ibm.com/support/docview.wss?uid=swg21303057
http://www.mwrinfosecurity.com/publications/mwri_ibm-lotus-domino-accept-language-stack-overflow_2008-05-20.pdf
http://secunia.com/advisories/30332/
*>
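The copy described above, written with the length check the description says is missing. This is an added example, not IBM's code and not part of the original advisory; the 64-byte buffer size, the function names and the sample request are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define LANG_BUF_LEN 64 /* assumed size; the advisory does not give the real one */

/* Constructed sample request, not captured traffic. */
static const char SAMPLE_REQ[] =
    "GET / HTTP/1.1\r\nHost: example.test\r\n"
    "Accept-Language: en-US,en;q=0.8\r\n\r\n";

/* Case-insensitive match of "<name>:" at the start of a header line. */
static int name_matches(const char *line, const char *name)
{
    for (; *name; line++, name++)
        if (tolower((unsigned char)*line) != tolower((unsigned char)*name))
            return 0;
    return *line == ':';
}

/* Copy the Accept-Language value into dst. Returns 0 on success, -1 if the
 * header is absent, -2 if the value does not fit (reject the request). */
int copy_accept_language(const char *req, char *dst, size_t dstlen)
{
    const char *line = req;
    /* Walk header lines; stop at the blank line that ends the headers. */
    while (line && *line && *line != '\r' && *line != '\n') {
        if (name_matches(line, "Accept-Language")) {
            const char *v = line + strlen("Accept-Language:");
            while (*v == ' ' || *v == '\t') v++;
            size_t len = strcspn(v, "\r\n");
            /* The advisory's flaw is an unchecked strcpy(dst, v) here. */
            if (len >= dstlen) return -2;
            memcpy(dst, v, len);
            dst[len] = '\0';
            return 0;
        }
        line = strchr(line, '\n');
        if (line) line++;
    }
    return -1;
}

int main(void)
{
    char lang[LANG_BUF_LEN];
    int rc = copy_accept_language(SAMPLE_REQ, lang, sizeof lang);
    printf("rc=%d value=%s\n", rc, rc == 0 ? lang : "(none)");
    return 0;
}
```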
Recommendations:
----------------------------------------------------------------------------
Vendor patch:
IBM
---
The vendor has released an upgrade patch that fixes this security issue. Download it from the vendor's home page:
http://www.ers.ibm.com/