[ Notice ] Apache Struts 2 Vulnerability Security Update Advisory 2018-08-23

Hello. This is Hostment.

First, we sincerely thank all of our customers for their continued support of Hostment.

We would like to inform you of a security update advisory for an Apache Struts 2 vulnerability.

---------------------------------------------------------------------------

□ Overview
o Apache Struts has released a security update that resolves a remote code execution vulnerability [1]
o Systems running older versions may be vulnerable to malware infection, so updating to the latest version is recommended

□ Description
o Remote code execution vulnerability caused by insufficient validation of user data in the core of the Struts framework (CVE-2018-11776) [2]

□ Affected Products
o Struts versions 2.3 ~ 2.3.34
o Struts versions 2.5 ~ 2.5.16

□ Resolution
o Users of Struts versions 2.3 ~ 2.3.34
  - Refer to the site [3] and apply the update to version 2.3.35
o Users of Struts versions 2.5 ~ 2.5.16
  - Refer to the site [3] and apply the update to version 2.5.17
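
A check for the version ranges listed above, as an added example that is not part of the original notice: it finds struts2-core jars under a directory and reports which ones fall in the affected ranges. Reading the version from the jar file name and looking inside .war archives are assumptions of this example.

```python
import re
import zipfile
from pathlib import Path

# Affected ranges and fixed releases exactly as listed in the notice above.
AFFECTED = [((2, 3), (2, 3, 34), "2.3.35"), ((2, 5), (2, 5, 16), "2.5.17")]
# Assumption: the jar keeps its standard name, struts2-core-<version>.jar.
CORE_JAR = re.compile(r"struts2-core-(\d+(?:\.\d+)+)[^/]*\.jar$")


def classify(version):
    """Map a struts2-core version string to (status, recommended_version)."""
    v = tuple(int(p) for p in version.split("."))
    for low, high, fixed in AFFECTED:
        # Compare the first three components so 2.3.16.3 falls inside 2.3.x.
        if low <= v[:3] <= high:
            return "affected", fixed
        if v[:2] == low and v[:3] > high:
            return "updated", None
    return "not-listed", None  # a branch the notice says nothing about


def find_core_jars(root):
    """Yield (location, version) for loose jars and jars packed in WAR files."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        m = CORE_JAR.search(path.name)
        if m:
            yield str(path), m.group(1)
        elif path.suffix.lower() == ".war" and zipfile.is_zipfile(path):
            with zipfile.ZipFile(path) as war:
                for entry in war.namelist():
                    m = CORE_JAR.search(entry)
                    if m:
                        yield f"{path}!{entry}", m.group(1)


def audit(root):
    """Return [(location, version, status, recommended_version), ...]."""
    return [(loc, ver, *classify(ver)) for loc, ver in find_core_jars(root)]


if __name__ == "__main__":
    import sys
    for loc, ver, status, fixed in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        hint = f" -> update to {fixed}" if fixed else ""
        print(f"{status:10} {ver:10} {loc}{hint}")
```

A renamed or repackaged jar will not be matched by file name, so an empty result does not by itself show that Struts is absent.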

□ Other Inquiries
o Korea Internet & Security Agency, Internet Incident Response Center: 118 (no area code required)

[Reference Sites]
[1] https://cwiki.apache.org/confluence/display/WW/S2-057
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11776
[3] https://struts.apache.org/download.cgi

---------------------------------------------------------------------------

                    A hosting service you can enjoy  [ Hostment ]