| Ãë¾àÁ¡ID |
22606 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
8880, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý ¼¹ö¿¡ IBM WebSphere Application Server Fix Pack 8.5.5.1 ÀÌÀü 8.5 ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖÀ¸¸ç, ´ÙÀ½ÀÇ ´ÙÁß Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
- Apache Ant ¿Í ÆÄÀÏ ¾ÐÃà¿¡ °áÇÔÀÌ Á¸ÀçÇØ ¼ºñ½º °ÅºÎ »óÅ¿¡ ºüÁú ¼ö ÀÖ´Ù. (CVE-2012-2098 / PM90088)
- °ü¸®ÀÚ Äֿܼ¡ Á¤ÀǵÇÁö ¾ÊÀº Ãë¾àÁ¡ÀÌ Á¸ÀçÇØ cross-site scripting °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2013-0460 / PM72275, CVE-2013-5418 / PM96477, CVE-2013-5425 / PM93828)
- IBM Eclipse Help System¿¡ ´ÙÁß ¿¡·¯°¡ Á¸ÀçÇØ cross-site scripting attack¿¡ Ãë¾àÇϸç, Á¤º¸°¡ À¯ÃâµÉ ¼ö ÀÖ´Ù. (CVE-2013-0464, CVE-2013-0467, CVE-2013-0599 / PM89893)
- IBM HTTP Server¿¡ ¿É¼ÇÀ¸·Î Æ÷ÇÔµÈ 'mod_rewrite' ¸ðµâ¿¡ ÀÔ·Â °ª üũ °áÇÔÀÌ Á¸ÀçÇØ, ƯÁ¤ escape sequence°¡ Æ÷ÇÔµÈ HTTP request¸¦ ÅëÇØ ÀÓÀÇÀÇ ¸í·ÉÀ» ½ÇÇàÇÒ ¼ö ÀÖ´Ù. (CVE-2013-1862 / PM87808)
- IBM HTTP Server¿¡ ¿É¼ÇÀ¸·Î Æ÷ÇÔµÈ 'mod_dav' ¸ðµâ¿¡ °áÇÔÀÌ Á¸ÀçÇØ ¼ºñ½º °ÅºÎ »óÅ¿¡ ºüÁú ¼ö ÀÖ´Ù. (CVE-2013-1896 / PM89996)
- »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ °ª üũ¿¡ ¿¡·¯°¡ Á¸ÀçÇØ cross-site request forgery (CSRF) °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2013-3029 / PM88746)
- °ü¸®ÀÚ Äֿܼ¡¼ »ç¿ëÀÚ°¡ ÀÔ·ÂÇÑ °ª üũ¿¡ ¿¡·¯°¡ Á¸ÀçÇØ cross-site scripting °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2013-4004 / PM81571, CVE-2013-4005 / PM88208)
- Á¤ÀǵÇÁö ¾ÊÀº ±ÇÇÑ ¿¡·¯°¡ Á¸ÀçÇØ °ø°ÝÀÚ°¡ ¹Î°¨ÇÑ Á¤º¸¸¦ ȹµæÇÒ ¼ö ÀÖ´Ù. ('Liberty Profile'¿¡¸¸ ¿µÇâÀÌ ÀÖÀ½) (CVE-2013-4006 / PM90472)
- UDDI °ü¸®ÀÚ ÄܼÖÀÇ ÀÔ·Â °ª üũ¿¡ ¿¡·¯°¡ Á¸ÀçÇØ cross-site scripting °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2013-4052 / PM91892)
- À߸øµÈ ÀÎÁõ üũ·Î ÀÎÇÏ¿© °ø°ÝÀÚÀÇ ±ÇÇÑÀÌ »ó½ÂµÉ ¼ö ÀÖ´Ù. (WS-Security,XML Digital Signatures°¡ Çã¿ëµÈ »óÅ¿©¾ß ÇÔ) (CVE-2013-4053 / PM90949)
- 6.1 ¹öÀü¿¡ °ü¸®ÀÚ º¸¾È ¿ªÇÒ°ú migration¿¡ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù. (CVE-2013-5414 / PM92313)
- Á¤ÀǵÇÁö ¾ÊÀº ÀÔ·Â °ª °ËÁõ ¿¡·¯°¡ Á¸ÀçÇØ cross-site scripting °ø°Ý¿¡ Ãë¾àÇÏ´Ù. (CVE-2013-5417 / PM93323 and PM93944)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç À¥ ¼¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551
http://www-01.ibm.com/support/docview.wss?&uid=swg21651880
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
IBM WebSphere Application Server Fix Pack 8.5.5.1 ÀÌÀüÀÇ 8.5 ¹öÀüµé |
| ÇØ°áÃ¥ |
'IBM Support & downloads' À¥ »çÀÌÆ®ÀÎ http://www-01.ibm.com/support/docview.wss?uid=swg27036319#8551 ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â IBM WebSphere Application ¼¹öÀÇ °¡Àå ÃֽŠ¹öÀü 8.5.5.1 ȤÀº ÀÌÈÄ·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2012-2098,CVE-2013-0460,CVE-2013-0464,CVE-2013-0467,CVE-2013-0599,CVE-2013-1862,CVE-2013-1896,CVE-2013-3029,CVE-2013-4004,CVE-2013-4005 (CVE) |
| °ü·Ã URL |
53676,57510,58000,59826,60107,60246,61129,61901,61935,61937,62336,62338,63700,63778,63780,63781,63786 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
