English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 210271
À§Çèµµ 40
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù WWW
»ó¼¼¼³¸í ¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Tomcat ¹öÀüÀº 8.5.99 ÀÌÀüÀÔ´Ï´Ù. µû¶ó¼­ fixed_in_apache_tomcat_8.5.99_security-8 ±Ç°í¿¡ ³ª¿­µÈ ¿©·¯ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.

- Apache TomcatÀÇ ºÒ¿ÏÀüÇÑ Á¤¸® Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ. WebSocket Ŭ¶óÀ̾ðÆ®°¡ WebSocket ¿¬°áÀ» ¿­¾î ³õ°í ¸®¼Ò½º ¼Òºñ°¡ Áõ°¡ÇÒ ¼ö ÀÖ¾ú½À´Ï´Ù. ÀÌ ¹®Á¦´Â 11.0.0-M1¿¡¼­ 11.0.0-M16, 10.1.0-M1¿¡¼­ 10.1.18, 9.0.0-M1¿¡¼­ 9.0.85, 8.5.0¿¡¼­ 8.5.98±îÁöÀÇ Apache Tomcat¿¡ ¿µÇâÀ» ¹ÌĨ´Ï´Ù. ÇÕ´Ï´Ù. »ç¿ëÀÚ¿¡°Ô´Â ÀÌ ¹®Á¦¸¦ ÇØ°áÇÑ ¹öÀüÀÎ ¹öÀü 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99·Î ¾÷±×·¹À̵åÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù. (CVE-2024-23672)
- Apache Tomcat¿¡¼­ HTTP/2 ¿äûÀÇ ºÎÀûÀýÇÑ ÀÔ·Â È®ÀÎ Ãë¾àÁ¡À¸·Î ÀÎÇÑ ¼­ºñ½º °ÅºÎ. HTTP/2 ¿äûÀ» ó¸®ÇÒ ¶§ ¿äûÀÌ Çì´õ¿¡ ¼³Á¤µÈ Çѵµ¸¦ ÃÊ°úÇÏ¸é ¸ðµç Çì´õ°¡ ó¸®µÉ ¶§±îÁö °ü·Ã HTTP/2 ½ºÆ®¸²ÀÌ Àç¼³Á¤µÇÁö ¾Ê¾Ò½À´Ï´Ù. ÀÌ ¹®Á¦´Â 11.0.0-M1¿¡¼­ 11.0.0-M16, 10.1.0-M1¿¡¼­ 10.1.18, 9.0.0-M1¿¡¼­ 9.0.85, 8.5.0¿¡¼­ 8.5.98±îÁöÀÇ Apache Tomcat¿¡ ¿µÇâÀ» ¹ÌĨ´Ï´Ù. ÇÕ´Ï´Ù. »ç¿ëÀÚ¿¡°Ô´Â ÀÌ ¹®Á¦¸¦ ÇØ°áÇÑ ¹öÀüÀÎ ¹öÀü 11.0.0-M17, 10.1.19, 9.0.86, 8.5.99·Î ¾÷±×·¹À̵åÇÏ´Â °ÍÀÌ ÁÁ½À´Ï´Ù. (CVE-2024-24549)

* Âü°í »çÀÌÆ®:
https://github.com/apache/tomcat/commit/3631adb1342d8bbd8598802a12b63ad02c37d591
https://github.com/apache/tomcat/commit/0cac540a882220231ba7a82330483cbd5f6b1f96
https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.99

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Apache Tomcat Server 8.5.99 ÀÌÀüÀÇ 8.5.x ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü
ÇØ°áÃ¥ Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼­ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(8.5.99 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù.
°ü·Ã URL CVE-2024-23672,CVE-2024-24549 (CVE)
°ü·Ã URL (SecurityFocus)
°ü·Ã URL (ISS)