| Ãë¾àÁ¡ID |
22925 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Tomcat ¹öÀüÀº 8.5.41 ÀÌÀü ¹öÀüÀÔ´Ï´Ù. ÇØ´ç ¹öÀüÀº fixed_in_apache_tomcat_8.5.41_security-8 ±Ç°í¿¡¼ ¾ð±Þ µÈ Ãë¾àÁ¡ÀÇ ¿µÇâÀ»¹Þ½À´Ï´Ù.
- CVE-2019-0199¿¡ ´ëÇÑ ¼öÁ¤ÀÌ ºÒ¿ÏÀüÇÏ°í ¾²±â ½Ã HTTP / 2 ¿¬°á â °í°¥ ¹®Á¦¸¦ ÇØ°áÇÏÁö ¸øÇß½À´Ï´Ù. ¿¬°á â (½ºÆ®¸² 0)¿¡ ´ëÇØ WINDOW_UPDATE ¸Þ½ÃÁö¸¦ Àü¼ÛÇÏÁö ¾ÊÀ¸¸é Ŭ¶óÀ̾ðÆ®°¡ ¼¹ö Ãø ½º·¹µå¸¦ Â÷´ÜÇÏ¿© °á±¹ ½º·¹µå °í°¥ ¹× DoS°¡ ¹ß»ýÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2019-10072)
* Âü°í »çÀÌÆ®:
https://github.com/apache/tomcat/commit/0bcd69c https://github.com/apache/tomcat/commit/8d14c6f https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.41
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Apache Tomcat Server 8.5.41 ÀÌÀüÀÇ 8.5.x ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(8.5.41 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2019-0199,CVE-2019-10072 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
