| Ãë¾àÁ¡ID |
210253 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Tomcat ¹öÀüÀÌ 8.5.89 ÀÌÀüÀÔ´Ï´Ù. µû¶ó¼ fixed_in_apache_tomcat_8.5.89_security-8 ±Ç°í¿¡ ÂüÁ¶µÈ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.
- Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74, 8.5.88 ¹ö±× 66512 ¼öÁ¤À¸·Î ¸®±×·¹¼ÇÀÌ ¹ß»ýÇß½À´Ï´Ù. ÀÀ´ä¿¡ HTTP Çì´õ°¡ Æ÷ÇԵǾî ÀÖÁö ¾ÊÀº °æ¿ì AJPÀÇ SEND_HEADERS ¸Þ½ÃÁö°¡ ÀÀ´äÀ¸·Î º¸³»ÁöÁö ¾Ê°í Àû¾îµµ ÇϳªÀÇ AJP ÇÁ·Ï½Ã (mod_proxy_ajp)°¡ ÀÌÀü ¿äûÀÇ ÀÀ´ä Çì´õ¸¦ »ç¿ëÇÏ°Ô µÇ¾î Á¤º¸ À¯Ãâ·Î À̾î Áú¼ö ÀÖ½À´Ï´Ù.(CVE-2023-34981)
* Âü°í »çÀÌÆ®:
https://bz.apache.org/bugzilla/show_bug.cgi?id=66512
https://bz.apache.org/bugzilla/show_bug.cgi?id=66591
https://github.com/apache/tomcat/commit/2214c8030522aa9b2a367dfa5d9acff1a03666ae
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.89
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Apache Tomcat Server 8.5.89 ÀÌÀüÀÇ 8.5.x ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(8.5.89 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2023-34981 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
