| Ãë¾àÁ¡ID |
22928 |
| À§Çèµµ |
30 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ Tomcat 9.0.20 ÀÌÀü ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ½À´Ï´Ù. ÇØ´ç ¹öÀüÀº fixed_in_apache_tomcat_9.0.20_security-9 ±Ç°í¿¡ ¾ð±Þ µÈ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.
- CVE-2019-0199¿¡ ´ëÇÑ ¼öÁ¤ÀÌ ºÒ¿ÏÀüÇÏ°í ¾²±â ½Ã HTTP / 2 ¿¬°á â °í°¥ ¹®Á¦¸¦ ÇØ°áÇÏÁö ¸øÇß½À´Ï´Ù. ¿¬°á â (½ºÆ®¸² 0)¿¡ ´ëÇØ WINDOW_UPDATE ¸Þ½ÃÁö¸¦ Àü¼ÛÇÏÁö ¾ÊÀ¸¸é Ŭ¶óÀ̾ðÆ®°¡ ¼¹ö Ãø ½º·¹µå¸¦ Â÷´ÜÇÏ¿© °á±¹ ½º·¹µå °í°¥ ¹× DoS°¡ ¹ß»ýÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2019-10072)
* Âü°í »çÀÌÆ®:
https://github.com/apache/tomcat/commit/7f748eb https://github.com/apache/tomcat/commit/ada725a https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.20
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Apache Tomcat Server 9.0.20 ÀÌÀüÀÇ 9.0.x ¹öÀüµé
¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
| ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(9.0.20 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2019-0199,CVE-2019-10072 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
