Vulnerability ID |
22865 |
Risk level |
40 |
Port |
80, ... |
Protocol |
TCP |
Category |
WWW |
Detailed description |
The remote host is running an Apache Tomcat 7.0.x version prior to 7.0.90, which is affected by the following multiple vulnerabilities.
- The insecure default settings of the CORS filter are enabled. The CORS filter should be disabled by default, and it must be configured appropriately for the environment. (CVE-2018-8014)
- A vulnerability in Tomcat where a certificate identification error allows a client to authenticate with a revoked client certificate, bypassing authentication. (CVE-2018-8019, CVE-2018-8020)
- Host name verification was missing when the WebSocket client used TLS. (CVE-2018-8034)
* References:
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.89
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.90
https://portswigger.net/blog/exploiting-cors-misconfigurations-for-bitcoins-and-bounties
* Affected platforms: Apache Tomcat Server 7.0.x versions prior to 7.0.90, all operating systems, all versions |
Solution |
Upgrade to the latest version of Apache Tomcat Server (7.0.90 or later), available from the Apache Software Foundation website at http://tomcat.apache.org/. |
Related URL |
CVE-2018-8014,CVE-2018-8019,CVE-2018-8020,CVE-2018-8034 (CVE) |
Related URL |
(SecurityFocus) |
Related URL |
(ISS) |
|