English
¢¸¢· µÚ·Î
Ãë¾àÁ¡ID 22368
À§Çèµµ 40
Æ÷Æ® 80, ...
ÇÁ·ÎÅäÄÝ TCP
ºÐ·ù Servlet
»ó¼¼¼³¸í BEA WebLogic ¼­¹öÀÇ ¹è³Ê Á¤º¸¿¡ µû¸£¸é ÇØ´ç ¼­¹ö´Â ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. BEA WebLogicÀº Java ±â¹ÝÀÇ ±â¾÷¿ë ¾îÇø®ÄÉÀ̼ǵéÀ» ÀÌ¿ëÇÏ¿© ÀüÀÚ»ó°Å·¡ ¹× ÀÎÅÍ³Ý ¾îÇø®ÄÉÀ̼ǵéÀ» °³¹ßÇϱâ À§ÇÑ ¼­¹öÀÌ´Ù. BEA WebLogic Server ¹× Express ¹öÀü 6.x ±×¸®°í 7.0¿¡¼­ SP6±îÁö ±×¸®°í 8.1¿¡¼­ SP4±îÁöÀÇ ¹öÀüµéÀº ´ÙÁßÀÇ Ãë¾àÁ¡µé¿¡ Ãë¾àÇÏ´Ù. ÀÌ Ãë¾àÁ¡µéÀº ¿ø°ÝÁöÀÇ °ø°ÝÀÚ¿¡ ÀÇÇØ ¹öÆÛ ¿À¹öÇ÷οì, ¼­ºñ½º °ÅºÎ, ºñÀΰ¡µÈ ¾×¼¼½º, Cross-Site Scripting, ±×¸®°í Á¤º¸ ³ëÃâ °ø°ÝµéÀ» ¼öÇàÇÏ´Â µ¥ µµ¿ëµÉ ¼ö ÀÖ´Ù.

* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç HTTP ¼­¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼­ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.

* Âü°í »çÀÌÆ®:
http://www.appsecinc.com/resources/alerts/general/BEA-001.html
http://www.appsecinc.com/resources/alerts/general/BEA-002.html
http://www.securitytracker.com/alerts/2005/Feb/1013177.html
http://www.securitytracker.com/alerts/2005/Apr/1013817.html
http://secunia.com/advisories/15486

* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
BEA WebLogic »ç, WebLogic Server ¹× Express 7.0¿¡¼­ SP6±îÁö
BEA WebLogic »ç, WebLogic Server ¹× Express 8.1¿¡¼­ SP4±îÁö
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü
ÇØ°áÃ¥ ´ÙÀ½ ´Ù¿î·Îµå ÆäÀÌÁö·ÎºÎÅÍ ORACLE WebLogic ServerÀÇ ÃֽŠ¹öÀüÀ¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù:
http://www.oracle.com/technetwork/middleware/weblogic/overview/index.html
°ü·Ã URL CVE-2005-1380,CVE-2005-0432,CVE-2005-1742,CVE-2005-1743,CVE-2005-1744,CVE-2005-1745,CVE-2005-1744,CVE-2005-1746,CVE-2005-1747 (CVE)
°ü·Ã URL 12548,13400,13717,13793,13794 (SecurityFocus)
°ü·Ã URL 20276,20802,20703,20704,20706,20708,20793 (ISS)