¸¹Àº ¼öÀÇ Æû Å°, ÆÄÀÏ ¶Ç´Â JSON ÆäÀÌ·Îµå ¸â¹ö°¡ ÀÖ´Â ASP.NET ¿äûÀÌ ¿¹¿Ü¸¦ ³ªÅ¸³»¸ç ½ÇÆÐÇÔ

±â¼ú ÀÚ·á: 2661403 - ÀÌ ¹®¼­°¡ Àû¿ëµÇ´Â Á¦Ç° º¸±â.
¸ðµÎ È®´ë | ¸ðµÎ Ãà¼Ò

¿ä¾à

Microsoft º¸¾È ¾÷µ¥ÀÌÆ® MS11-100Àº HTTP ¿äû¿¡¼­ Æû Å°, ÆÄÀÏ ¹× JSON ¸â¹öÀÇ ÃÖ´ë ¼ö¸¦ 1000°³·Î Á¦ÇÑÇÕ´Ï´Ù. ÀÌ·¯ÇÑ º¯°æ ³»¿ë ¶§¹®¿¡ ASP.NET ÀÀ¿ë ÇÁ·Î±×·¥Àº ÀÌ·¯ÇÑ ¿ä¼Ò°¡ 1000°³¸¦ ³ÑÀ» °æ¿ì ¿äûÀ» °ÅºÎÇÕ´Ï´Ù. ÀÌ·¯ÇÑ Á¾·ùÀÇ ¿äûÀ» ¼öÇàÇÏ´Â HTTP Ŭ¶óÀ̾ðÆ®´Â °ÅºÎµÇ¸ç À¥ ºê¶ó¿ìÀú¿¡¼­ ¿À·ù ¸Þ½ÃÁö°¡ ³ªÅ¸³³´Ï´Ù. ÀÌ ¿À·ù ¸Þ½ÃÁö´Â ÀϹÝÀûÀ¸·Î HTTP 500 »óÅ Äڵ带 Æ÷ÇÔÇÕ´Ï´Ù. ÀÌ·¯ÇÑ »õ·Î¿î Á¦ÇÑÀº ÀÀ¿ë ÇÁ·Î±×·¥ ´ÜÀ§·Î ±¸¼ºµÉ ¼ö ÀÖ½À´Ï´Ù. ±¸¼º Áöħ¿¡ ´ëÇؼ­´Â "ÇØ°á ¹æ¹ý" ÀýÀ» ÂüÁ¶ÇϽʽÿÀ.


À§·Î °¡±â | Çǵå¹é º¸³»±â

Çö»ó

¸¹Àº ¼öÀÇ Æû Å°, ÆÄÀÏ ¶Ç´Â JSON ÆäÀ̷ε尡 ÀÖ´Â ASP.NET ¿äûÀÌ ¼öÇàµÇ¸é ¼­¹ö¿¡¼­ ¿À·ù ÀÀ´äÀÌ ¼ö½ÅµË´Ï´Ù. ¼­¹öÀÇ ÀÀ¿ë ÇÁ·Î±×·¥ ·Î±×´Â ƯÁ¤ ¹öÀüÀÇ ASP.NETÀÌ ¼Ò½ºÀÎ °æ°í Ç׸ñ°ú À̺¥Æ® ID 1309¸¦ Æ÷ÇÔÇÕ´Ï´Ù. À̺¥Æ® ·Î±×¿¡´Â ´ÙÀ½ ¸Þ½ÃÁö Áß Çϳª°¡ Æ÷ÇԵ˴ϴÙ.


¸Þ½ÃÁö 1:
ÀÀ¿ë ÇÁ·Î±×·¥ Á¤º¸:
ÀÀ¿ë ÇÁ·Î±×·¥ µµ¸ÞÀÎ: /LM/W3SVC/1/ROOT/<App Domain>
½Å·Ú ¼öÁØ: º¸Åë
ÀÀ¿ë ÇÁ·Î±×·¥ °¡»ó °æ·Î: <VDIR °æ·Î>
ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î: <ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î>
½Ã½ºÅÛ À̸§: <½Ã½ºÅÛ À̸§>
ÇÁ·Î¼¼½º Á¤º¸:
ÇÁ·Î¼¼½º ID: 0001
ÇÁ·Î¼¼½º À̸§: w3wp.exe
°èÁ¤ À̸§: IIS APPPOOL\DefaultAppPool

¿¹¿Ü Á¤º¸:
¿¹¿Ü À¯Çü: HttpException
¿¹¿Ü ¸Þ½ÃÁö: URL·Î ÀÎÄÚµùµÈ Æû µ¥ÀÌÅÍ°¡ À߸øµÇ¾ú½À´Ï´Ù.
at System.Web.HttpRequest.FillInFormCollection()
at System.Web.HttpRequest.get_Form()
at System.Web.HttpRequest.get_HasForm()
at System.Web.UI.Page.GetCollectionBasedOnMethod(Boolean dontReturnNull)
at System.Web.UI.Page.DeterminePostBackMode()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


¸Þ½ÃÁö 2:
ÀÀ¿ë ÇÁ·Î±×·¥ Á¤º¸:
ÀÀ¿ë ÇÁ·Î±×·¥ µµ¸ÞÀÎ: /LM/W3SVC/1/ROOT/<App Domain>
½Å·Ú ¼öÁØ: º¸Åë
ÀÀ¿ë ÇÁ·Î±×·¥ °¡»ó °æ·Î: <VDIR °æ·Î>
ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î: <ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î>
½Ã½ºÅÛ À̸§: <½Ã½ºÅÛ À̸§>

ÇÁ·Î¼¼½º Á¤º¸:
ÇÁ·Î¼¼½º ID: 0001
ÇÁ·Î¼¼½º À̸§: w3wp.exe
°èÁ¤ À̸§: IIS APPPOOL\DefaultAppPool

¿¹¿Ü Á¤º¸:
¿¹¿Ü À¯Çü: InvalidOperationException
¿¹¿Ü ¸Þ½ÃÁö: °³Ã¼ÀÇ ÇöÀç »óÅ ¶§¹®¿¡ ÀÛ¾÷ÀÌ À¯È¿ÇÏÁö ¾Ê½À´Ï´Ù.
at System.Web.HttpRequest.FillInFilesCollection()
at System.Web.HttpRequest.get_Files()
at FileUpload.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint

¸Þ½ÃÁö 3:
ÀÀ¿ë ÇÁ·Î±×·¥ Á¤º¸:
ÀÀ¿ë ÇÁ·Î±×·¥ µµ¸ÞÀÎ: /LM/W3SVC/1/ROOT/<App Domain>
½Å·Ú ¼öÁØ: º¸Åë
ÀÀ¿ë ÇÁ·Î±×·¥ °¡»ó °æ·Î: <VDIR °æ·Î>
ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î: <ÀÀ¿ë ÇÁ·Î±×·¥ °æ·Î>
½Ã½ºÅÛ À̸§: <½Ã½ºÅÛ À̸§>

ÇÁ·Î¼¼½º Á¤º¸:
ÇÁ·Î¼¼½º ID: 0001
ÇÁ·Î¼¼½º À̸§: w3wp.exe
°èÁ¤ À̸§: IIS APPPOOL\DefaultAppPool

¿¹¿Ü Á¤º¸:
¿¹¿Ü À¯Çü: InvalidOperationException
¿¹¿Ü ¸Þ½ÃÁö: °³Ã¼ÀÇ ÇöÀç »óÅ ¶§¹®¿¡ ÀÛ¾÷ÀÌ À¯È¿ÇÏÁö ¾Ê½À´Ï´Ù.
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeDictionary(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.DeserializeInternal(Int32 depth)
at System.Web.Script.Serialization.JavaScriptObjectDeserializer.BasicDeserialize(String input, Int32 depthLimit, JavaScriptSerializer serializer)
at System.Web.Script.Serialization.JavaScriptSerializer.Deserialize(JavaScriptSerializer serializer, String input, Type type, Int32 depthLimit)
at System.Web.Script.Serialization.JavaScriptSerializer.DeserializeObject(String input)
at Failing.Page_Load(Object sender, EventArgs e)
at System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e)
at System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e)
at System.Web.UI.Control.OnLoad(EventArgs e)
at System.Web.UI.Control.LoadRecursive()
at System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint)


IIS ·Î±× ÆÄÀÏ¿¡´Â ´ÙÀ½°ú À¯»çÇÑ Ç׸ñÀÌ Ç¥½ÃµË´Ï´Ù.
2011-01-01 00:00:00 ::1 POST /machine/default.aspx - 80 - ::1 - 500 0 0 187




À§·Î °¡±â | Çǵå¹é º¸³»±â

¿øÀÎ

º¸¾È °øÁö MS11-100¿¡ ³ª¿À´Â Microsoft º¸¾È ¾÷µ¥ÀÌÆ®´Â ¿äû¿¡¼­ ASP.NETÀÌ ¼ö¶ôÇÏ´Â Æû Å°, ÆÄÀÏ ¹× JSON ¸â¹öÀÇ ÃÖ´ë ±âº» °³¼ö¸¦ 1,000À¸·Î º¯°æÇÕ´Ï´Ù. ÀÌ·¯ÇÑ º¯°æÀº Microsoft º¸¾È °øÁö MS11-100¿¡ ¼³¸íµÈ ¼­ºñ½º °ÅºÎ Ãë¾à¼ºÀ» ÇØ°áÇϱâ À§ÇØ ¼öÇàµÇ¾ú½À´Ï´Ù.


À§·Î °¡±â | Çǵå¹é º¸³»±â

ÇØ°á ¹æ¹ý

Æû Å° ¶Ç´Â ÆÄÀÏ¿¡ ´ëÇØ ÀÌ·¯ÇÑ Á¦ÇÑ¿¡ µµ´ÞÇÑ ÀÀ¿ë ÇÁ·Î±×·¥Àº ASP.NET ÀÀ¿ë ÇÁ·Î±×·¥ ±¸¼º ÆÄÀÏ¿¡ Ç¥½ÃµÈ °Íó·³ ASP.NET appSetting aspnet:MaxHttpCollectionKeys¸¦ ¼öÁ¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ ¼³Á¤Àº "Çö»ó" ÀýÀÇ ¿À·ù ¸Þ½ÃÁö 1°ú ¿À·ù ¸Þ½ÃÁö 2¸¦ ÇØ°áÇÕ´Ï´Ù. 
<configuration>
<appSettings>
<add key="aspnet:MaxHttpCollectionKeys" value="1000" />
</appSettings>
</configuration>


Âü°í x86 ±â¹Ý ½Ã½ºÅÛ¿¡¼­ ASP.NET 1.1À» »ç¿ëÇÏ´Â °æ¿ì ´ÙÀ½ ·¹Áö½ºÆ®¸® Å°¿¡ DWORD °ªÀ» Ãß°¡ÇÏ¿© ÀÌ ¼³Á¤À» Á¶Á¤ÇÕ´Ï´Ù.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ASP.NET\1.1.4322.0\MaxHttpCollectionKeys
x64 ±â¹Ý ½Ã½ºÅÛ¿¡¼­ ASP.NET 1.1À» »ç¿ëÇÏ´Â °æ¿ì ´ÙÀ½ ·¹Áö½ºÆ®¸® Å°¿¡ DWORD °ªÀ» Ãß°¡ÇÏ¿© ÀÌ ¼³Á¤À» Á¶Á¤ÇÕ´Ï´Ù.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\ASP.NET\1.1.4322.0\MaxHttpCollectionKeys



JSON ÆäÀ̷ε忡 ´ëÇØ ÀÌ·¯ÇÑ Á¦ÇÑ¿¡ µµ´ÞÇÑ ÀÀ¿ë ÇÁ·Î±×·¥Àº ASP.NET ÀÀ¿ë ÇÁ·Î±×·¥ ±¸¼º ÆÄÀÏ¿¡ Ç¥½ÃµÈ °Íó·³ ASP.NET appSetting aspnet:MaxJsonDeserializerMembers¸¦ ¼öÁ¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ ¼³Á¤Àº "Çö»ó" ÀýÀÇ ¿À·ù ¸Þ½ÃÁö 3À» ÇØ°áÇÕ´Ï´Ù. 
<configuration>
<appSettings>
<add key="aspnet:MaxJsonDeserializerMembers" value="1000" />
</appSettings>
</configuration>




Âü°í ±âº» ¼³Á¤º¸´Ù Å©°Ô ÀÌ °ªÀ» ´Ã¸®¸é ¼­¹ö´Â º¸¾È °øÁö MS11-100¿¡ ¼³¸íµÈ ¼­ºñ½º °ÅºÎ ¹®Á¦¿¡ Á» ´õ Ãë¾àÇØÁý´Ï´Ù. 


À§·Î °¡±â | Çǵå¹é º¸³»±â
ÂüÁ¶
º¸¾È °øÁö MS11-100¿¡ ´ëÇÑ ÀÚ¼¼ÇÑ ³»¿ëÀº ´ÙÀ½ TechNet ¹®¼­¸¦ ÂüÁ¶ÇϽʽÿÀ. 
Microsoft º¸¾È °øÁö MS11-100 - Áß¿ä

      (http://technet.microsoft.com/ko-kr/security/bulletin/ms11-100)
    
 ÀÚ¼¼ÇÑ ³»¿ëÀº ´ÙÀ½ ¹®¼­ ¹øÈ£¸¦ Ŭ¸¯ÇÏ¿© Microsoft ±â¼ú ÀÚ·á ¹®¼­¸¦ ÂüÁ¶ÇϽʽÿÀ. 
2638420

      (http://support.microsoft.com/kb/2638420/ko/
            )
    
 MS11-100: .NET Framework Ãë¾à¼ºÀ¸·Î ÀÎÇÑ ±ÇÇÑ »ó½Â ¹®Á¦: 2011³â 12¿ù 29ÀÏ 
À§·Î °¡±â | Çǵå¹é º¸³»±â
¼Ó¼º
±â¼ú ÀÚ·á: 2661403 - ¸¶Áö¸· °ËÅä: 2012³â 11¿ù 29ÀÏ ¸ñ¿äÀÏ - ¼öÁ¤: 4.0
º» ¹®¼­ÀÇ Á¤º¸´Â ´ÙÀ½ÀÇ Á¦Ç°¿¡ Àû¿ëµË´Ï´Ù.
  • Microsoft .NET Framework 4.0
  • Microsoft .NET Framework 3.5 Service Pack 1
  • Microsoft .NET Framework 3.5
  • Microsoft .NET Framework 2.0 Service Pack 2
  • Microsoft  .NET Framework 2.0 Service Pack 1 (x86)
  • Microsoft .NET Framework 2.0
  • Microsoft .NET Framework 1.1 Service Pack 1
  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0 Service Pack 3
  • Microsoft .NET Framework 1.0
  • Windows 7 Service Pack 1?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Windows 7 Enterprise
    • Windows 7 Professional
    • Windows 7 Ultimate
    • Windows 7 Home Premium
    • Windows 7 Home Basic
  • Windows 7 Enterprise
  • Windows 7 Professional
  • Windows 7 Ultimate
  • Windows 7 Home Premium
  • Windows 7 Home Basic
  • Windows Server 2008 R2 Service Pack 1?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Windows Server 2008 R2 Standard
    • Windows Server 2008 R2 Enterprise
    • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 R2 Standard
  • Windows Server 2008 R2 Enterprise
  • Windows Server 2008 R2 Datacenter
  • Windows Server 2008 Service Pack 2?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Windows Server 2008 for Itanium-Based Systems
    • Windows Server 2008 Datacenter
    • Windows Server 2008 Enterprise
    • Windows Server 2008 Standard
    • Windows Web Server 2008
  • Windows Vista Service Pack 2?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Windows Vista Business
    • Windows Vista Enterprise
    • Windows Vista Home Basic
    • Windows Vista Home Premium
    • Windows Vista Starter
    • Windows Vista Ultimate
    • Windows Vista Enterprise 64-bit edition
    • Windows Vista Home Basic 64-bit edition
    • Windows Vista Home Premium 64-bit edition
    • Windows Vista Ultimate 64-bit edition
    • Windows Vista Business 64-bit edition
  • Microsoft Windows Server 2003 Service Pack 2?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
    • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
    • Microsoft Windows Server 2003, Datacenter Edition (32-bit x86)
    • Microsoft Windows Server 2003, Web Edition
    • Microsoft Windows Server 2003, Datacenter x64 Edition
    • Microsoft Windows Server 2003, Enterprise x64 Edition
    • Microsoft Windows Server 2003, Standard x64 Edition
    • Microsoft Windows XP Professional x64 Edition
    • Microsoft Windows Server 2003, Datacenter Edition for Itanium-Based Systems
    • Microsoft Windows Server 2003, Enterprise Edition for Itanium-based Systems
  • Microsoft Windows XP Service Pack 3?À»(¸¦) ´ÙÀ½°ú ÇÔ²² »ç¿ëÇßÀ» ¶§
    • Microsoft Windows XP Home Edition
    • Microsoft Windows XP Professional
Å°¿öµå:?
              
atdownload kbbug kbexpertiseinter kbfix kbsecbulletin kbsecurity kbsecvulnerability KB2661403
À§·Î °¡±â | Çǵå¹é º¸³»±â
Çǵå¹é º¸³»±â
 

      
        À§·Î °¡±âÀ§·Î °¡±â