| Ãë¾àÁ¡ID |
22610 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
8880, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý ¼¹ö¿¡ IBM WebSphere Application Server Fix Pack 7.0.0.31 ÀÌÀü 7.0 ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖÀ¸¸ç, ´ÙÀ½ÀÇ ´ÙÁß Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
- Apache HTTP ServerÀÇ mod_rewrite ¸ðµâ¿¡ °áÇÔÀÌ Á¸ÀçÇØ HTTP¸¦ ÅëÇÏ¿© ÀÓÀÇÀÇ Äڵ尡 ½ÇÇàµÉ ¼ö ÀÖ´Ù.(CVE-2013-1862, PM87808)
- mod_dav ¿É¼Ç ¸ðµâ¿¡¼ ¼ºñ½º °ÅºÎ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù.(CVE-2013-1896, PM89996)
- Apache Ant¿¡¼ ÆÄÀÏÀ» ¾ÐÃàÇÒ ¶§ ¼ºñ½º °ÅºÎ ¿¡·¯°¡ Á¸ÀçÇÑ´Ù.(CVE-2012-2098, PM90088)
- Trust store¿¡¼ XML Digital Signature¸¦ »ç¿ëÇÏ°Ô ¼³Á¤µÇ¾úÀ» ¶§, WS-Security¿¡¼ ¿¡·¯°¡ Á¸ÀçÇØ ±ÇÇÑ »ó½Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-4053, PM90949, PM91521)
- UDDI °ü¸®ÀÚ Äֿܼ¡¼ »ç¿ëÀÚ ÀÔ·Â °ª üũ¿¡ ¿¡·¯°¡ Á¸ÀçÇØ XSS Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-4052, PM91892)
- WebSphere Application Server 6.1À̳ª ÀÌÈÄ ¹öÀü¿¡¼ migrationµÇ¸é, ±ÇÇÑ »ó½Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-5414, PM92313)
- HTTP ÀÀ´ä µ¥ÀÌÅÍ È®ÀÎ °úÁ¤¿¡ ¿¡·¯°¡ Á¸ÀçÇØ XSS Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-5417, PM93323, PM93944)
- °ü¸®ÀÚ Äֿܼ¡¼ »ç¿ëÀÚ ÀÔ·Â °ª üũ¿¡ ¿À·ù°¡ Á¸ÀçÇØ XSS Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-4005, CVE-2013-5418, CVE-2013-6725, PM88208, PM96477, PM98132)
- simpleFileServletÀ» ÅëÇÏ¿© static file cachingÀ» »ç¿ëÇϵµ·Ï ¼³Á¤ÇÏ¿´À» ¶§ Á¤º¸À¯Ãâ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-6330, PM98624)
- À¥ ¼ºñ½º Á¾´Ü¿¡¼ÀÇ ¿äû 󸮿¡ ¿¡·¯°¡ Á¸ÀçÇØ ¼ºñ½º °ÅºÎ »óÅ¿¡ ºüÁú ¼ö ÀÖ´Ù.(CVE-2013-6325, PM99450)
- IBM WebSphere Application Server¿¡¼ JSSE °ü·ÃÇÏ¿© Æ÷ÇÔµÈ IBM SDK JAVA¿¡ Á¤º¸À¯Ãâ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-5780)
- IBM WebSphere Application Server¿¡¼ XML °ü·ÃÇÏ¿© Æ÷ÇÔµÈ IBM SDK JAVA¿¡ ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-5372)
- IBM WebSphere Application Server¿¡¼ JSSE °ü·ÃÇÏ¿© Æ÷ÇÔµÈ IBM SDK JAVA¿¡ ¼ºñ½º °ÅºÎ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.(CVE-2013-5803)
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç À¥ ¼¹öÀÇ ¹è³Ê Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_potential_security_vulnerabilities_fixed_in_ibm_websphere_application_server_7_0_0_31?lang=en_us
https://www-304.ibm.com/support/docview.wss?uid=swg21661323
https://www-304.ibm.com/support/docview.wss?uid=swg21655990
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
IBM WebSphere Application Server 7.0 Fix Pack 31 ÀÌÀüÀÇ 7.0 ¹öÀüµé |
| ÇØ°áÃ¥ |
'IBM Support & downloads' À¥ »çÀÌÆ®ÀÎ https://www-304.ibm.com/support/docview.wss?rs=180&uid=swg27004980#ver70 ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â IBM WebSphere Application ¼¹öÀÇ °¡Àå ÃֽŠ¹öÀü 7.0.0.31 ȤÀº ÀÌÈÄ·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2012-2098,CVE-2013-1862,CVE-2013-1896,CVE-2013-4005,CVE-2013-4052,CVE-2013-4053,CVE-2013-5372,CVE-2013-5414,CVE-2013-5417,CVE-2013-5418 (CVE) |
| °ü·Ã URL |
53676,59826,61129,61901,62336,62338,63082,63115,63224,63778,63780,63781,65096,65099,65100 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
