Ãë¾àÁ¡ID |
210254 |
À§Çèµµ |
40 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Tomcat ¹öÀüÀÌ 9.0.75 ÀÌÀüÀÔ´Ï´Ù. µû¶ó¼ fixed_in_apache_tomcat_9.0.75_security-9 ±Ç°í¿¡ ÂüÁ¶µÈ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.
- Apache Tomcat 11.0.0-M5, 10.1.8, 9.0.74, 8.5.88 ¹ö±× 66512 ¼öÁ¤À¸·Î ¸®±×·¹¼ÇÀÌ ¹ß»ýÇß½À´Ï´Ù. ÀÀ´ä¿¡ HTTP Çì´õ°¡ Æ÷ÇԵǾî ÀÖÁö ¾ÊÀº °æ¿ì AJPÀÇ SEND_HEADERS ¸Þ½ÃÁö°¡ ÀÀ´äÀ¸·Î º¸³»ÁöÁö ¾Ê°í Àû¾îµµ ÇϳªÀÇ AJP ÇÁ·Ï½Ã (mod_proxy_ajp)°¡ ÀÌÀü ¿äûÀÇ ÀÀ´ä Çì´õ¸¦ »ç¿ëÇÏ°Ô µÇ¾î Á¤º¸ À¯Ãâ·Î À̾î Áú¼ö ÀÖ½À´Ï´Ù.(CVE-2023-34981)
* Âü°í »çÀÌÆ®: https://bz.apache.org/bugzilla/show_bug.cgi?id=66512 https://bz.apache.org/bugzilla/show_bug.cgi?id=66591 https://github.com/apache/tomcat/commit/2f0ca2378415f4cf0748f4bc8fa955f41f803fa5 https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.75
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Apache Tomcat Server 9.0.75 ÀÌÀüÀÇ 9.0.x ¹öÀüµé ¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(9.0.75 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2023-34981 (CVE) |
°ü·Ã URL |
(SecurityFocus) |
°ü·Ã URL |
(ISS) |
|