[ Notice ] Apache Struts 2 Vulnerability Security Update Advisory
2018-08-23 |
Hello, this is 호스트먼트 (Hostment).
We sincerely thank all of our customers for their continued support of Hostment.
A security update advisory has been issued for an Apache Struts 2 vulnerability, and we would like to inform you of it.
---------------------------------------------------------------------------
□ Overview
o A security update resolving a remote code execution vulnerability in Apache Struts has been released [1]
o Systems running older versions may be vulnerable to malware infection, so updating to the latest version is recommended
□ Description
o Remote code execution vulnerability caused by insufficient validation of user data in the core of the Struts framework (CVE-2018-11776) [2]
□ Affected Products
o Struts versions 2.3 ~ 2.3.34
o Struts versions 2.5 ~ 2.5.16
□ Resolution
o Users of Struts 2.3 ~ 2.3.34
- Refer to the site [3] and apply the update to version 2.3.35
o Users of Struts 2.5 ~ 2.5.16
- Refer to the site [3] and apply the update to version 2.5.17
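
To check a server against the version ranges above, the following added example (not part of the original notice) scans a directory tree for `struts2-core-<version>.jar` files, including jars bundled inside `.war` archives, and classifies each against the affected and fixed versions this advisory lists. The function names and status labels are assumptions of the example.

```python
import os
import re
import sys
import zipfile

# Affected ranges and fixed versions exactly as listed in this advisory.
AFFECTED = {(2, 3): ((2, 3, 0), (2, 3, 34), "2.3.35"),
            (2, 5): ((2, 5, 0), (2, 5, 16), "2.5.17")}
# struts2-core-<version>.jar, on disk or as an entry path inside a WAR.
JAR_RE = re.compile(r"(?:^|/)struts2-core-(\d+(?:\.\d+){1,3})[^/]*\.jar$")

def classify(version):
    """Return (status, fixed_version) for a struts2-core version string."""
    parts = [int(p) for p in version.split(".")]
    v = tuple(parts + [0] * (3 - len(parts)))[:3]   # "2.5" -> (2, 5, 0)
    entry = AFFECTED.get(v[:2])
    if entry is None:
        return ("not-listed", None)        # branch not covered by the advisory
    low, high, fixed = entry
    if low <= v <= high:
        return ("affected", fixed)
    return ("fixed-or-later", None)

def find_jars(root):
    """Yield (location, version) for struts2-core jars under root, including
    jars bundled in .war archives (one level deep; an assumption of this example)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            m = JAR_RE.search(name)
            if m:
                yield path, m.group(1)
            elif name.lower().endswith(".war"):
                try:
                    with zipfile.ZipFile(path) as zf:
                        for entry in zf.namelist():
                            m = JAR_RE.search(entry)
                            if m:
                                yield f"{path}!{entry}", m.group(1)
                except (zipfile.BadZipFile, OSError):
                    continue               # unreadable archive: skip it

def report(root):
    """List of (location, version, status, fixed_version) tuples."""
    return [(loc, ver) + classify(ver) for loc, ver in find_jars(root)]

if __name__ == "__main__":
    for loc, ver, status, fixed in report(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(status, ver, loc, f"-> update to {fixed}" if fixed else "")
```

Detection is by file name only, so a renamed or repackaged Struts jar will not be found; "not-listed" means the branch is outside the ranges named in this notice, not that it is safe.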
□ Other Inquiries
o Korea Internet & Security Agency (KISA), Internet Incident Response Center: dial 118 (no area code)
[References]
[1] https://cwiki.apache.org/confluence/display/WW/S2-057
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11776
[3] https://struts.apache.org/download.cgi
---------------------------------------------------------------------------
A hosting service with joy [ Hostment ]