Ãë¾àÁ¡ID |
210213 |
À§Çèµµ |
10 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Apache TomcatÀÇ ¹öÀüÀº 8.5.78 ÀÌÀüÀÇ 8.xÀÔ´Ï´Ù.
ÀÌ ¹öÀüÀÇ Apache Tomcat¿¡´Â Spring4Shell(CVE-2022-22965)·ÎºÎÅÍ º¸È£Çϱâ À§ÇÑ ¿ÏÈ ±â´ÉÀÌ ¾ø½À´Ï´Ù. ÀÌ°ÍÀÌ Apache Tomcat ÀÚüÀÇ Ãë¾àÁ¡À» ³ªÅ¸³»Áö´Â ¾ÊÁö¸¸ Apache TomcatÀ» Spring4Shell ¿ÏÈ°¡ ÀÖ´Â ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù.
* Âü°í »çÀÌÆ®: https://spring.io/blog/2022/04/01/spring-framework-rce-mitigation-alternative
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Apache Tomcat Server 8.5.78 ÀÌÀüÀÇ 8.5.x ¹öÀüµé ¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(8.5.78 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2022-22965 (CVE) |
°ü·Ã URL |
(SecurityFocus) |
°ü·Ã URL |
(ISS) |
|