Home > Àüü±â»ç

[4.28 ¹ö±×¸®Æ÷Æ®] CVE-2015-0175 èâ

ÀÔ·Â : 2015-04-28 16:18
ÆäÀ̽ººÏ º¸³»±â Æ®À§ÅÍ º¸³»±â ³×À̹ö ¹êµå º¸³»±â Ä«Ä«¿À ½ºÅ丮 º¸³»±â ³×À̹ö ºí·Î±× º¸³»±â

CVE-2015-0175, CVE-2015-0174, CVE-2015-0113

CVE-2014-6092, CVE-2014-6090


[º¸¾È´º½º ¹®°¡¿ë] ÇöÁö ½Ã°¢À¸·Î 4¿ù 27ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 27ÀÏ¿¡¼­ 28ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µé Áß ´Ù¼¸ °³ÀÔ´Ï´Ù.


1. CVE-2015-0175

IBMÀÇ WebSphere Application Server(WAS) 8.5 Liberty Profile 8.5.5.5 ÀÌÀü ¹öÀü¿¡¼­ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î authData ¿ä¼Ò¸¦ Á¦´ë·Î ¹Ý¿µÇÏÁö ¸øÇÔÀ¸·Î½á ¿ø°Ý¿¡¼­ ÀÎÁõµÈ »ç¿ëÀÚ È¤Àº ¿ø°Ý¿¡¼­ ·Î±×ÀÎÇÑ »ç¿ëÀÚ°¡ µî·ÏµÇÁö ¾ÊÀº °æ·Î·Îµµ ±ÇÇÑÀ» °¡Áú ¼ö ÀÖ°Ô µË´Ï´Ù.


2. CVE-2015-0174

¿ª½Ã IBMÀÇ WebSphere Application Server 8.5ÀÇ 8.5.5.5 ÀÌÀü ¹öÀü¿¡¼­ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ȯ°æ¼³Á¤ µ¥ÀÌÅ͸¦ ¿Ã¹Ù¸£°Ô ó¸®ÇÏÁö ¸øÇÏ´Â µ¥¼­ ¹ß»ýÇÕ´Ï´Ù. ¿ø°Ý¿¡¼­ ·Î±×ÀÎÇÑ »ç¿ëÀÚ°¡ µî·ÏµÇÁö ¾ÊÀº °æ·Î·Î ¹Î°¨ÇÑ Á¤º¸¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï ÇÕ´Ï´Ù.


3. CVE-2015-0113

ƯÁ¤ IBM Á¦Ç°±ºÀÇ Jazz ÇïÇÁ ½Ã½ºÅÛ¿¡¼­ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ Àß Á¶ÀÛÇÑ ¿äûÀ» ÅëÇØ ¿ø°ÝÀ¸·Î JSP ¼Ò½º Äڵ带 ÀÐ¾î µéÀÏ ¼ö ÀÖ°Ô ÇØÁÝ´Ï´Ù. ÀÌ Ãë¾àÁ¡¿¡ ÇØ´çÇÏ´Â Á¦Ç°°ú ¹öÀüÀº ´ÙÀ½°ú °°½À´Ï´Ù.

- Rational Collaborative Lifecycle Management 4.0¹öÀü~5.0.2¹öÀü

- Rational Quality Manager 4.0~4.0.7, 5.0~5.0.2

- Rational Requirements Composer 4.0~4.0.7

- Rational DOORS Next Generation 4.0~4.0.7, 5.0~5.0.2

- Rational Engineering Lifecycle Manager 4.0.3~4.0.7, 5.0~5.0.2

- Rational Rhapsody Design Manager 4.0~4.0.7, 5.0~5.0.2

- Rational Software Architect Design Manager 4.0~4.0.7, 5.0~5.0.2

 

4. CVE-2014-6092

¿ø°Ý¿¡¼­ DoS °ø°ÝÀ» °¡´ÉÇÏ°Ô ÇØÁÖ´Â Ãë¾àÁ¡À¸·Î IBMÀÇ Curam Social Program ManagementÀÇ 5.2 ¹öÀü¿¡¼­ ¹ß°ßµÇ¾ú½À´Ï´Ù. ´õ Á¤È®È÷ ¸»ÇÏÀÚ¸é SP6 EP6, EP26 ÀÌÀüÀÇ 6.0 SP2, 6.0.4.6 ÀÌÀüÀÇ 6.0.4 ¹öÀü, 6.0.5.6 ÀÌÀüÀÇ 6.0.5 ¹öÀüÀÔ´Ï´Ù. »ç¿ëÀÚ°¡ ·Î±×ÀÎ ½Ãµµ¸¦ ¹Ýº¹Çؼ­ ½Ç¼öÇؼ­ °èÁ¤ÀÌ Àá°åÀ» ¶§ À¥ ¼­ºñ½º °èÁ¤µµ °°ÀÌ Àá±â°Ô ÇÏ´Â ±â´É¿¡¼­ ¹ß»ýÇÏ´Â Ãë¾àÁ¡À¸·Î ·Î±×ÀÎ ½Ãµµ¸¦ ¸¹Àº ȸ¼ö µ¿¾È ½ÇÆÐÇϸé DoS °ø°ÝÀÌ ½ÃÀ۵ȴٰí ÇÕ´Ï´Ù.


5. CVE-2014-6090

IBMÀÇ Curam Social Program Management Áß EP6 ÀÌÀüÀÇ 5.2 SP6, EP26 ÀÌÀüÀÇ 6.0 SP2, 6.0.3.0 iFix8 ÀÌÀüÀÇ 6.0.3, 6.0.4.5 iFix10 ÀÌÀüÀÇ 6.0.4, 6.0.5.6 ÀÌÀüÀÇ 6.0.5 ¹öÀü¿¡ ÀÖ´Â CSRF Ãë¾àÁ¡À¸·Î 1) DataMappingEditorCommands, 2) DatastoreEditorCommands, 3) IEGE¾ß»öCommands ¼­ºê·¿¿¡ Á¸ÀçÇÕ´Ï´Ù. ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ »ç¿ëÀÚÀÇ ±ÇÇÑÀ» ÇÏÀÌÀçÅ·ÇÏ´Â °É °¡´ÉÇÏ°Ô ÇØÁÝ´Ï´Ù.

@DARKReading

[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]


<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>

  •  
  • 1
  • ÆäÀ̽ººÏ º¸³»±â Æ®À§ÅÍ º¸³»±â ³×À̹ö ¹êµå º¸³»±â Ä«Ä«¿À ½ºÅ丮 º¸³»±â ³×À̹ö ºí·Î±× º¸³»±â

ÃÖÁø±Ô 2015.04.29 09:46

»õ·Î¿î cve Ãë¾àÁ¡ÀÌ ¹ßÇ¥‰ç³×¿ä


  • ¡°
  •  SNS¿¡¼­µµ º¸¾È´º½º¸¦ ¹Þ¾Æº¸¼¼¿ä!! 
  • ¡±
 ÇÏÀÌÁ¨ ÆÄ¿öºñÁî 23³â 11¿ù 16ÀÏ~2024³â 11¿ù 15ÀϱîÁö ¾Æ½ºÆ®·Ð½ÃÅ¥¸®Æ¼ ÆÄ¿öºñÁî 2023³â2¿ù23ÀÏ ½ÃÀÛ ³Ý¾Øµå ÆÄ¿öºñÁî ÁøÇà 2020³â1¿ù8ÀÏ ½ÃÀÛ~2021³â 1¿ù8ÀϱîÁö À§Áîµð¿£¿¡½º 2018
¼³¹®Á¶»ç
ÃÖ±Ù ¹ß»ýÇÑ Å©¶ó¿ìµå ½ºÆ®¶óÀÌÅ©ÀÇ º¸¾È SW ¾÷µ¥ÀÌÆ® ¿À·ù »çÅÂó·³ SW °ø±Þ¸Á¿¡ º¸¾ÈÀ̽´°¡ ¹ß»ýÇÒ °æ¿ì °ü·ÃµÈ °¢Á¾ ½Ã½ºÅÛ ¹× IT ÀÎÇÁ¶ó ¸¶ºñ°¡ ÀϾ ¼ö ÀÖ´Ù´Â °Ô µå·¯³µ½À´Ï´Ù. ÀÌ·¯ÇÑ °ø±Þ¸Á º¸¾ÈÀ» À§ÇùÇÏ´Â °¡Àå Å« ¿äÀÎÀº ¹«¾ùÀ̶ó°í »ý°¢ÇϽóª¿ä?
·£¼¶¿þ¾î, ÇÇ½Ì µîÀÇ »çÀ̹ö °ø°Ý
SW ¾÷µ¥ÀÌÆ® ¹× SW ±³Ã¼ °úÁ¤¿¡¼­ÀÇ ¿À·ù
SW ÀÚü¿¡ Á¸ÀçÇÏ´Â º¸¾È Ãë¾àÁ¡
½Ã½ºÅÛ °ü¸®ÀÚÀÇ ¿î¿µ»ó ½Ç¼ö ¹× °ü¸® ¹ÌÈí
±âŸ(´ñ±Û·Î)