|
|
[ °ø Áö ] Apache Tomcat Native Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í |
|
2018-08-21 |
|
|
¾È³çÇϽʴϱî. È£½ºÆ®¸ÕÆ®ÀÔ´Ï´Ù.
¸ÕÀú È£½ºÆ®¸ÕÆ®¸¦ ¾Æ²¸ÁÖ½Ã°í »ç¶ûÇØ Áֽô °í°´ ¿©·¯ºÐ²² Áø½ÉÀ¸·Î °¨»çµå¸®¸ç
Apache Tomcat Native Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í°¡ ÀÖ¾î À̸¦ ¾Ë·Áµå¸®°íÀÚ ÇÕ´Ï´Ù.
---------------------------------------------------------------------------
¡à °³¿ä
o Apache Tomcat Native¿¡¼ ½Å±Ô Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¾È ¾÷µ¥ÀÌÆ® ¹ßÇ¥[1]
¡Ø Tomcat Native : TomcatÀÌ Æ¯Á¤ ±â´ÉÀ» »ç¿ëÇÒ ¼ö ÀÖµµ·Ï Ãß°¡µÈ ¶óÀ̺귯¸®·Î, »ç¿ëÀÚ°¡ Ãß°¡·Î ¼³Ä¡ÇÏ¿© »ç¿ëÀÌ °¡´ÉÇÔ
o Ãë¾àÇÑ ¹öÀüÀ» »ç¿ë ÁßÀÎ ¼¹öÀÇ ´ã´çÀÚ´Â ÇØ°á¹æ¾È¿¡ µû¶ó ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® ±Ç°í
¡à ¼³¸í
o Native ¶óÀ̺귯¸®¿¡¼ OCSP ÀÀ´ä¿¡ ´ëÇÑ °ËÁõÀÌ ¹ÌÈíÇÏ¿© ÇØÁöµÈ Ŭ¶óÀ̾ðÆ® ÀÎÁõ¼·Î TLS ÀÎÁõÀÌ °¡´ÉÇÑ ÀÎÁõ¿ìȸ Ãë¾àÁ¡(CVE-2018-8019, CVE-2018-8020) [2][3]
¡Ø OCSP : ¿Â¶óÀÎ ÀÎÁõ¼ »óÅ ÇÁ·ÎÅäÄÝ(Online Certificate Status Protocol)ÀÇ ¾àÀÚ·Î, ½Ç½Ã°£À¸·Î ÀÎÁõ¼¸¦ °ËÁõÇÒ ¼ö ÀÖ´Â ÇÁ·ÎÅäÄÝ
¡à ¿µÇâÀ» ¹Þ´Â Á¦Ç°
o Native
- 1.1.23 ~ 1.1.34 ¹öÀü
- 1.2.0 ~ 1.2.16 ¹öÀü
¡Ø OCSP¸¦ »ç¿ëÇÏÁö ¾Ê´Â ½Ã½ºÅÛÀº ¿µÇâ ¹ÞÁö ¾ÊÀ½
¡à ÇØ°á ¹æ¾È
o ÇØ´ç ÆäÀÌÁö¸¦ Âü°íÇÏ¿© 1.2.17 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® Àû¿ë[4]
¡à ±âŸ ¹®ÀÇ»çÇ×
o Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ: ±¹¹ø¾øÀÌ 118
[Âü°í»çÀÌÆ®]
[1] https://tomcat.apache.org/security-native.html
[2] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8019
[3] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8020
[4] http://tomcat.apache.org/download-native.cgi
Æ®À§ÅÍ ÆäÀ̽ººÏ
---------------------------------------------------------------------------
Áñ°Å¿òÀÌ Àִ ȣ½ºÆà ¼ºñ½º [ È£½ºÆ®¸ÕÆ® ]
|
|
|