Ãë¾àÁ¡ID |
22797 |
À§Çèµµ |
30 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â ¹öÀü 2.2.34 ÀÌÀüÀÇ Apache HTTP ¼¹ö°¡ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³´Ù. ÇØ´ç ¹öÀüÀº ´ÙÀ½°ú °°Àº Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
'Digest' ŸÀÔÀÇ '[Proxy-]Authorization' Çì´õ¿¡ 'value placeholder' °¡ ¼º°ø Å° °ª ÇÒ´ç ÀÌÀü ȤÀº »çÀÌ¿¡ 'mod_auth_digest'¿¡ ÀÇÇØ ÃʱâÈ µÇÁö ¾Ê¾Ò°Å³ª, Àç¼³Á¤ µÇÁö ¾Ê¾Ò´Ù. ÀÌ°ÍÀº '=' °¡ ÇÒ´çµÇÁö ¾Ê°í, ¿ì¼± ¿äû¿¡ »ç¿ëµÇ´Â Ç® ¸Þ¸ð¸®ÀÇ ÃʱâÈ µÇÁö ¾ÊÀº ¿À¿°µÈ °ªÀÌ ¹Ý¿µµÈ Ãʱâ Å°¸¦ Á¦°øÇÏ°í, ÀáÀçÀûÀ¸·Î ±Øºñ Á¤º¸ À¯Ãâ°ú ¼ºñ½º °ÅºÎ¸¦ ÀÏÀ¸Å°´Â ¼¼±×ÆúÆ®¸¦ ¾ß±âÇÑ´Ù.
* Âü°í»çÀÌÆ®: https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E https://httpd.apache.org/security/vulnerabilities_22.html https://httpd.apache.org/security/vulnerabilities_24.html
* ¿µÇâÀ» ¹Þ´Â Ç÷¿Æû: Apache HTTP versions 2.2.34 ÀÌÀüÀÇ 2.2.x ¹öÀüµé ¸ðµç OS ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://httpd.apache.org/download.cgi ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache HTTP ServerÀÇ °¡Àå ÃֽŠ¹öÀü(2.2.34 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2017-9788 (CVE) |
°ü·Ã URL |
99569 (SecurityFocus) |
°ü·Ã URL |
(ISS) |
|