| Ãë¾àÁ¡ID |
22798 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
ÇØ´ç È£½ºÆ®¿¡´Â ¹öÀü 2.4.27 ÀÌÀüÀÇ Apache HTTP ¼¹ö°¡ °¡µ¿ ÁßÀÎ °ÍÀ¸·Î ³ªÅ¸³´Ù. ÇØ´ç ¹öÀüÀº ´ÙÀ½°ú °°Àº Ãë¾àÁ¡ÀÌ Á¸ÀçÇÑ´Ù.
'Digest' ŸÀÔÀÇ '[Proxy-]Authorization' Çì´õ¿¡ 'value placeholder' °¡ ¼º°ø Å° °ª ÇÒ´ç ÀÌÀü ȤÀº »çÀÌ¿¡ 'mod_auth_digest'¿¡ ÀÇÇØ ÃʱâÈ µÇÁö ¾Ê¾Ò°Å³ª, Àç¼³Á¤ µÇÁö ¾Ê¾Ò´Ù. ÀÌ°ÍÀº '=' °¡ ÇÒ´çµÇÁö ¾Ê°í, ¿ì¼± ¿äû¿¡ »ç¿ëµÇ´Â Ç® ¸Þ¸ð¸®ÀÇ ÃʱâÈ µÇÁö ¾ÊÀº ¿À¿°µÈ °ªÀÌ ¹Ý¿µµÈ Ãʱâ Å°¸¦ Á¦°øÇÏ°í, ÀáÀçÀûÀ¸·Î ±Øºñ Á¤º¸ À¯Ãâ°ú ¼ºñ½º °ÅºÎ¸¦ ÀÏÀ¸Å°´Â ¼¼±×ÆúÆ®¸¦ ¾ß±âÇÑ´Ù.
* Âü°í»çÀÌÆ®:
https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb@%3Cannounce.httpd.apache.org%3E
https://httpd.apache.org/security/vulnerabilities_22.html
https://httpd.apache.org/security/vulnerabilities_24.html
* ¿µÇâÀ» ¹Þ´Â Ç÷¿Æû:
Apache HTTP versions 2.4.27 ÀÌÀüÀÇ 2.4.x ¹öÀüµé
¸ðµç OS ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://httpd.apache.org/download.cgi ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache HTTP ServerÀÇ °¡Àå ÃֽŠ¹öÀü(2.4.27 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2017-9788 (CVE) |
| °ü·Ã URL |
99569 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
