|
|
[ °ø Áö ] Apache Tomcat JK Connectors º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í |
|
2018-11-08 |
|
|
¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.
¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²² Áø½ÉÀ¸·Î °¨»çµå¸®¸ç
Apache Tomcat JK Connectors º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î À̸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.
---------------------------------------------------------------------------
¡à °³¿ä
o Apache Tomcat JK Connectors¿¡¼ ½Å±Ô Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥[1]
o Ãë¾àÇÑ ¹öÀüÀ» »ç¿ë ÁßÀÎ ¼¹öÀÇ ´ã´çÀÚ´Â ÇØ°á¹æ¾È¿¡ µû¶ó ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® ±Ç°í
¡à ¼³¸í
o ¾ÆÆÄÄ¡ À¥¼¹öÀÇ Æ¯Á¤ Äڵ忡¼ °æ°è¸¦ ¹þ¾î³ª´Â °ªÀ» ÀûÀýÇÏ°Ô Ã³¸®ÇÏÁö ¸øÇØ ¹ß»ýÇÏ´Â Á¢±ÙÅëÁ¦ ¿ìȸ Ãë¾àÁ¡(CVE-2018-11759) [2]
¡à ¿µÇâÀ» ¹Þ´Â Á¦Ç°
o Tomcat JK Connectors
- 1.2.0 ~ 1.2.44 ¹öÀü
¡à ÇØ°á ¹æ¾È
o ÇØ´ç ÆäÀÌÁö¸¦ Âü°íÇÏ¿© 1.2.46 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® Àû¿ë [3]
¡à ±âŸ ¹®ÀÇ»çÇ×
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
[1] http://tomcat.apache.org/security-jk.html#Fixed_in_Apache_Tomcat_JK_Connector_1.2.46
[2] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11759
[3] https://tomcat.apache.org/download-connectors.cgi
---------------------------------------------------------------------------
Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼ºñ½º [ È£½ºÆ®¸ÕÆ® ]
|
|
|