| Ãë¾àÁ¡ID |
22954 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
80, ... |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
WWW |
| »ó¼¼¼³¸í |
¿ø°Ý È£½ºÆ®¿¡ ¼³Ä¡µÈ Apache httpd ¹öÀüÀº 2.4.46 ÀÌÀüÀÔ´Ï´Ù. µû¶ó¼ 2.4.46 ±Ç°í¿¡ ¾ð±Þ µÈ ¿©·¯ Ãë¾àÁ¡ÀÇ ¿µÇâÀ» ¹Þ½À´Ï´Ù.
-Apache HTTP ¼¹ö 2.4.32 ~ 2.4.44 mod_proxy_uwsgi Á¤º¸ °ø°³ ¹× °¡´ÉÇÑ RCE (CVE-2020-11984)
-Apache HTTP Server ¹öÀü 2.4.20 ~ 2.4.43 HTTP / 2 ¸ðµâ ¹× ƯÁ¤ Æ®·¡ÇÈ ¿¡Áö ÆÐÅÏ¿¡ ´ëÇØ ÃßÀû / µð¹ö±×°¡ È°¼ºÈ µÈ °æ¿ì À߸øµÈ ¿¬°á¿¡¼ ·Î±ë ¹®ÀÌ ¸¸µé¾îÁ® ¸Þ¸ð¸® Ç®ÀÌ µ¿½Ã¿¡ »ç¿ëµË´Ï´Ù. À§ÀÇ Á¤º¸ mod_http2ÀÇ LogLevelÀ» ±¸¼ºÇϸé ÆÐÄ¡ µÇÁö ¾ÊÀº ¼¹ö¿¡ ´ëÇÑÀÌ Ãë¾àÁ¡ÀÌ ¿Ïȵ˴ϴÙ. (CVE-2020-11993)
-Apache HTTP Server ¹öÀü 2.4.20 ~ 2.4.43. HTTP / 2 ¿äûÀÇ 'Cache-Digest'Çì´õ¿¡ ´ëÇØ Æ¯º°È÷ Á¦ÀÛ µÈ °ªÀº ¼¹ö°¡ ³ªÁß¿¡ ¸®¼Ò½º¸¦ HTTP / 2 PUSHÇÏ·Á°í ÇÒ ¶§ Ãæµ¹À» ÀÏÀ¸ ŵ´Ï´Ù.
H2Push off¸¦ ÅëÇØ HTTP / 2 ±â´ÉÀ» ±¸¼ºÇϸé ÆÐÄ¡ µÇÁö ¾ÊÀº ¼¹ö¿¡ ´ëÇÑÀÌ Ãë¾àÁ¡ÀÌ ¿Ïȵ˴ϴÙ. (CVE-2020-9490)
* Âü°í »çÀÌÆ®:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2020-9490
https://lists.apache.org/thread.html/r5debe8f82728a00a4a68bc904dd6c35423bdfc8d601cfb4579f38bf1@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r623de9b2b2433a87f3f3a15900419fc9c00c77b26936dfea4060f672@%3Cdev.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9e9f1a7609760f0f80562eaaec2aa3c32d525c3e0fca98b475240c71@%3Cdev.httpd.apache.org%3E
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
Apache HTTP Server 2.4.46 ÀÌÀü 2.4.x ¹öÀü
Any operating system Any version |
| ÇØ°áÃ¥ |
Apache Software Foundation À¥ »çÀÌÆ®ÀÎ http://httpd.apache.org/download.cgi ¿¡¼ ±¸ÇÒ ¼ö ÀÖ´Â Apache HTTP ServerÀÇ °¡Àå ÃֽŠ¹öÀü(2.4.46 ȤÀº ÀÌÈÄ)À¸·Î ¾÷±×·¹À̵å ÇÏ¿©¾ß ÇÑ´Ù. |
| °ü·Ã URL |
CVE-2020-9490,CVE-2020-11984,CVE-2020-11993 (CVE) |
| °ü·Ã URL |
(SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
