Vulnerability ID: 22628
Risk level: 40
Port: 8880, ...
Protocol: TCP
Category: WWW
Description: The remote server is running an IBM WebSphere Application Server 7.0.x version prior to Fix Pack 7.0.0.33, which is affected by the following multiple vulnerabilities.

- A flaw in the validation of user input results in a cross-site scripting vulnerability in the administration console. (CVE-2013-6323, PI04777 and PI04880)

- A denial-of-service vulnerability exists in the Global Security Kit when handling SSLv2 resumption during the SSL/TLS handshake. An attacker can exploit this vulnerability to crash the program. (CVE-2013-6329, PI05309)

- A buffer overflow vulnerability exists when mod_dav is used as an add-on in the HTTP Server. (CVE-2013-6438, PI09345)

- User-supplied OAuth values are not properly validated, resulting in a cross-site scripting vulnerability. An attacker can exploit this vulnerability to execute arbitrary script. (CVE-2013-6738, PI05661)

- A denial-of-service vulnerability exists in the Global Security Kit when handling X.509 certificate chains during SSL/TLS connection initialization. An attacker can exploit this vulnerability with a malicious certificate chain to crash the program. (CVE-2013-6747, PI09443)

- A denial-of-service vulnerability exists in Apache Commons FileUpload when parsing the content-type header of a multipart request. (CVE-2014-0050, PI12648, PI12926 and PI13162)

- A denial-of-service vulnerability exists in 'mod_log_config' when logging a cookie with an unassigned value. (CVE-2014-0098, PI13028)

- A remote code execution vulnerability exists in Apache Struts. Because the setting of class loader attributes is not properly restricted, an attacker can execute arbitrary script. (CVE-2014-0114, PI17190)

- An information disclosure vulnerability exists in 'sun.security.rsa.RSAPadding' when performing 'PKCS#1' unpadding. As a result, a remote attacker can obtain encrypted timing information. (CVE-2014-0453)

- A denial-of-service vulnerability exists in the web server plug-in configuration for retrying failed POST requests. (CVE-2014-0859, PI08892)

- A vulnerability exists in which the number generator of the 'IBMJCE' and 'IBMSecureRandom' cryptographic providers is predictable. (CVE-2014-0878)

- An information disclosure vulnerability exists in the Proxy and ODR servers. (CVE-2014-0891, PI09786)

- A denial-of-service vulnerability exists in the Reverse Proxy component and IBM Security Access Manager for Web. Sending crafted TLS traffic can make the system unresponsive. (CVE-2014-0963, PI17025)

- An information disclosure vulnerability exists when handling SOAP responses. (CVE-2014-0965, PI11434)

- An information disclosure vulnerability exists that allows sensitive information to be obtained by sending a crafted URL. (CVE-2014-3022, PI09594)

* Note: To check for this vulnerability, this check item examines only the banner information of the web server. It may therefore produce a false positive.

* References:
https://www-304.ibm.com/support/docview.wss?uid=swg21676091
https://www-304.ibm.com/support/docview.wss?uid=swg21659548
https://www-304.ibm.com/support/docview.wss?uid=swg21663941
https://www-304.ibm.com/support/docview.wss?uid=swg21667254
https://www-304.ibm.com/support/docview.wss?uid=swg21667526
https://www-304.ibm.com/support/docview.wss?uid=swg21672843
https://www-304.ibm.com/support/docview.wss?uid=swg21672316
https://www-304.ibm.com/support/docview.wss?uid=swg21673013

* Affected platforms:
IBM WebSphere Application Server 7.0 versions prior to 7.0 Fix Pack 33
Solution: Upgrade to the latest version of IBM WebSphere Application Server, 7.0.0.33 or later, available from the 'IBM Support & downloads' website at https://www-304.ibm.com/support/docview.wss?rs=180&uid=swg27004980#ver70
Related URL: CVE-2013-6323,CVE-2013-6329,CVE-2013-6438,CVE-2013-6738,CVE-2013-6747,CVE-2014-0050,CVE-2014-0098,CVE-2014-0114,CVE-2014-0453,CVE-2014-0460 (CVE)
Related URL: 64249,65156,65400,66303,66914,66916,67051,67121,67238,67335,67579,67601,67720,68210,68211 (SecurityFocus)
Related URL: (ISS)