| Ãë¾àÁ¡ID |
50009 |
| À§Çèµµ |
40 |
| Æ÷Æ® |
139,445 |
| ÇÁ·ÎÅäÄÝ |
TCP |
| ºÐ·ù |
SMB |
| »ó¼¼¼³¸í |
¿ø°ÝÀÇ À©µµ¿ì È£½ºÆ®¿¡´Â ¿©·¯°¡Áö Ãë¾àÁ¡¿¡ ¿µÇâÀ» ¹Þ´Â ÇÁ·Î±×·¡¹Ö Ç÷§ÆûÀÌ ¼³Ä¡µÇ¾î ÀÖ´Ù.
Oracle(¿¹ÀüÀÇ Sun) Java SE³ª ºñÁö´Ï½º¿ë Java °¡ ¼³Ä¡µÇ¾î ÀÖ´Ù.
ÇØ´ç ¹öÀüÀº 7 Update 1 / 6 Update 29 / 5.0 Update 32 / 1.4.2_34 ÀÌÀüÀÇ ¹öÀüÀÌ°í ´ÙÀ½ ÄÄÆ÷³ÍÆ®µé¿¡¼ º¸¾È À̽´°¡ Á¸ÀçÇÑ´Ù:
- 2D
- AWT
- Deployment
- Deserialization
- Hotspot
- Java Runtime Environment
- JAXWS
- JSSE
- Networking
- RMI
- Scripting
- Sound
- Swing
* ¾Ë¸²: ÀÌ Á¡°ËÇ׸ñÀº ÀÌ Ãë¾àÁ¡À» Á¡°ËÇϱâ À§ÇØ ÇØ´ç Oracle µ¥ÀÌÅͺ£À̽º ¼¹öÀÇ ¹öÀü Á¤º¸¸¸À» È®ÀÎÇÑ´Ù. µû¶ó¼ °ÅÁþ ¾ç¼º¹ÝÀÀ(False Positive)À» º¸ÀÏ ¼ö ÀÖ´Ù.
* Âü°í »çÀÌÆ®:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
https://nealpoole.com/blog/2011/10/java-applet-same-origin-policy-bypass-via-http-redirect/
https://nealpoole.com/blog/2011/10/java-deployment-toolkit-plugin-does-not-validate-installer-executable/
* ¿µÇâÀ» ¹Þ´Â Ç÷§Æû:
JDK and JRE 7
JDK and JRE 6 Update 27 and earlier
JDK and JRE 5.0 Update 31 and earlier
SDK and JRE 1.4.2_33 and earlier
JavaFX 2.0
JRockit R28.1.4 and earlier (JDK and JRE 6 and 5.0)
Microsoft Windows Any version
Linux Any version
Unix Any version |
| ÇØ°áÃ¥ |
Oracle »ç´Â ÀÌ ¹®Á¦µéÀ» ÇØ°áÇÒ ¼ö ÀÖ´Â Critical Patch Update¸¦ ³» ³õ¾Ò´Ù. ÀûÀýÇÑ ÆÐÄ¡ ȹµæ ¹× Àû¿ë¿¡ °üÇÑ Á¤º¸´Â ´ÙÀ½ 2011³â 10¿ù Oracle Java SE Critical Patch Update¿¡¼ ãÀ» ¼ö ÀÖ´Ù:
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html#PatchTable |
| °ü·Ã URL |
CVE-2011-3516,CVE-2011-3521,CVE-2011-3544,CVE-2011-3545,CVE-2011-3546,CVE-2011-3547,CVE-2011-3548,CVE-2011-3549,CVE-2011-3550 (CVE) |
| °ü·Ã URL |
50118,50211,50215,50216,50218,50220,50223,50224,50226,50229,50231,50234,50236,50237,50239,50242,50243,50246,50248,50250 (SecurityFocus) |
| °ü·Ã URL |
(ISS) |
|
