[ Notice ] Apache Tomcat Denial-of-Service Vulnerability Security Update Advisory

2014-02-07

Hello. This is Hostment.
First, we sincerely thank our customers for their continued support of Hostment.
A security update advisory has been issued for an Apache Tomcat denial-of-service vulnerability, and we would like to bring it to your attention.
---------------------------------------------------------------------------
Overview
•The Apache Software Foundation has released security updates that resolve a denial-of-service vulnerability affecting Apache Tomcat [1][2]
•An attacker who sends a request with a specially crafted HTTP header to a vulnerable system can cause a denial of service
Description
•A vulnerability in which a tampered value in the 'Content-Type' HTTP header field can cause a denial of service (CVE-2014-0050)
Affected Systems
•Affected software
◦Apache Tomcat versions 7.0.0 - 7.0.50
◦Apache Tomcat versions 8.0.0-RC1 - 8.0.1
Resolution
•Users of Apache Tomcat 7.x
◦Upgrade Apache Tomcat to version 7.0.51
•Users of Apache Tomcat 8.x
◦Upgrade Apache Tomcat to version 8.0.2
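
A version check against the ranges listed above, as an added example that is not part of the original notice. It assumes the version is given either as a bare string or as the "Server version: Apache Tomcat/x.y.z" banner line printed by Tomcat's version script; the function names and the sample banners are illustrative.

```python
import re

# Affected ranges and fixed releases exactly as listed in this advisory.
# Each entry: (first affected, last affected, fixed release).
AFFECTED = [
    ("7.0.0", "7.0.50", "7.0.51"),
    ("8.0.0-RC1", "8.0.1", "8.0.2"),
]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)(?:-RC(\d+))?", re.IGNORECASE)


def parse_version(text):
    """Return a sortable key for the first Tomcat version found in text.

    Release candidates sort before the final release with the same
    number, so 8.0.0-RC1 < 8.0.0-RC10 < 8.0.0 < 8.0.1.
    """
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no Tomcat version found in %r" % text)
    major, minor, patch = (int(g) for g in m.groups()[:3])
    rc = m.group(4)
    # (0, n) for RCn, (1, 0) for a final release, so RCs compare lower.
    stage = (0, int(rc)) if rc else (1, 0)
    return (major, minor, patch, stage)


def check(text):
    """Return (affected, fixed_release) for a version string or banner.

    (False, None) only means the version is outside the ranges that
    this advisory lists.
    """
    key = parse_version(text)
    for first, last, fixed in AFFECTED:
        if parse_version(first) <= key <= parse_version(last):
            return True, fixed
    return False, None


if __name__ == "__main__":
    # Constructed sample banners, not taken from a real host.
    for banner in ("Server version: Apache Tomcat/7.0.50",
                   "Server version: Apache Tomcat/8.0.0-RC10",
                   "Server version: Apache Tomcat/7.0.51"):
        print(banner, "->", check(banner))
```
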
Glossary
•Apache Tomcat: a web application server developed by the Apache Software Foundation
Other Inquiries
•Korea Internet & Security Agency (KISA), Internet Incident Response Center: dial 118 (no area code)
References
[1] http://tomcat.apache.org/security-7.html
[2] http://tomcat.apache.org/security-8.html
Thank you.
---------------------------------------------------------------------------
A hosting service that brings you joy [ Hostment ]