Ãë¾àÁ¡ID |
22935 |
À§Çèµµ |
40 |
Æ÷Æ® |
80, ... |
ÇÁ·ÎÅäÄÝ |
TCP |
ºÐ·ù |
WWW |
»ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ Tomcat 8.5.51 ÀÌÀü ¹öÀüÀÌ ¼³Ä¡µÇ¾î ÀÖ½À´Ï´Ù. ÇØ´ç ¹öÀüÀº ´ÙÀ½°ú °°Àº ´ÙÁßÃë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù.
- ¸®¹ö½º ÇÁ·Ï½Ã µÚÀÇ Transfer-Encoding Çì´õ¸¦ À߸ø ó¸®ÇÏ¿© HTTP ¿äûÀÌ ¹Ð¹ÝÀԵǴ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù. ÀÌ·ÎÀÎÇØ °ø°ÝÀÚ´Â Á¶ÀÛµÈ HTTP ¿äûÀ¸·Î ÀǵµµÇÁö ¾ÊÀº HTTP¿äûÀÌ back-end¿¡ µµ´ÞÇÏ°Ô ÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2019-17569)
- ¶óÀÎ ³¡À» À߸ø ÆĽÌÇÏ¿© HTTP ¿äûÀÌ ¹Ð¹ÝÀԵǴ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù. ÀÌ·ÎÀÎÇØ °ø°ÝÀÚ´Â Á¶ÀÛµÈ HTTP ¿äûÀ¸·Î ÀǵµµÇÁö ¾ÊÀº HTTP¿äûÀÌ back-end¿¡ µµ´ÞÇÏ°Ô ÇÒ ¼ö ÀÖ½À´Ï´Ù. (CVE-2020-1935)
- AJP (Apache JServ Protocol)ÀÇ ½ÇÇà °áÇÔÀ¸·Î ÀÎÇØ °ø°ÝÀÚ°¡ ±ÇÇÑÀÌ ¾ø´Â ÆÄÀÏÀ» ÀÐÀ» ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ Á¸ÀçÇÕ´Ï´Ù. (CVE-2020-1938)
* Âü°í »çÀÌÆ®: https://tomcat.apache.org/security-8.html#Fixed_in_Apache_Tomcat_8.5.51
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû: Apache Tomcat Server 8.5.51 ÀÌÀü 8.5.x ¹öÀüµé ¸ðµç ¿î¿µÃ¼Á¦ ¸ðµç ¹öÀü |
ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://tomcat.apache.org/ ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache Tomcat ServerÀÇ °¡Àå ÃֽŠ¹öÀü(8.5.51 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
°ü·Ã URL |
CVE-2019-17569,CVE-2020-1935,CVE-2020-1938 (CVE) |
°ü·Ã URL |
(SecurityFocus) |
°ü·Ã URL |
(ISS) |
|