.jpg)
CVE-2015-2169, CVE-2015-2308
[º¸¾È´º½º ÁÖ¼ÒÇü] ÇöÁö ½Ã°¢À¸·Î 6¿ù 24ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 24ÀÏ¿¡¼ 25ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÔ´Ï´Ù.
1. CVE-2013-7397
AHC ȯ°æ¿¡¼ ÀÓÀÇÀÇ ÀÎÁõ¼¸¦ Á¦½ÃÇÔÀ¸·Î¼ HTTPS ¼¹ö¸¦ ½ºÇªÇÁÇÏ¿© Áß°£ÀÚ °ø°ÝÀ» °¡ÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡À¸·Î °í°´ ÀÎÁõ¼¸¦ Àü¼ÛÇÏÁö ¾Ê°Ô ÇØÁÝ´Ï´Ù.
2. CVE-2013-7398
AHC(¶Ç´Â async-http-client) 1.9.0 ÀÌÀü ¹öÀüÀÇ main/java/com/ning/http/client/AsyncHttpClientConfig.java¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î Áß°¢ÀÚ °ø°ÝÀ» °¡ÇÏ´Â °ø°ÝÀÚ°¡ ÀÓÀÇÀÇ °¡´É ÀÎÁõ¼¸¦ ÅëÇØ HTTPS ¼¹ö¸¦ ½ºÇªÇÁÇÒ ¼ö ÀÖ°Ô ÇØÁÝ´Ï´Ù.
3. CVE-2014-4875
Toshiba CHEC 6.6, 6.7 ÀÌÀü ¹öÀüÀÇ CreateBossCredentials.jar¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ÇϵåÄÚµåµÇ¾î ÀÖ´Â AES key°¡ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. ÀÌ´Â °ø°ÝÀÚ°¡ ·¹¹ö¸®Â¡ Á¤º¸¿¡ ÀÇÇØ BOSS DB2¿¡ ÀÖ´Â ±â¹Ð¹®¼¸¦ ¹ß°ßÇÒ ¼ö ÀÖ°Ô ÇØÁÝ´Ï´Ù.
4. CVE-2015-2169
Zoho ManageEngine AssetExplorer 6.1 ¹öÀü¿¡¼ ¹ß°ßµÈ XSS Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ·¹Áö½ºÆ®¸® ±ÇÇÑÀ» ÅëÇØ ÀÓÀÇÀÇ À¥ ½ºÅ©¸³Æ®³ª HTMLÀ» ÁÖÀÔÇÒ ¼ö ÀÖ°Ô ÇØÁÝ´Ï´Ù. ÀÌ´Â ±â°è ½ºÄµÀÌ Á¦´ë·Î ÀÛµ¿ÇÒ ¼ö ¾ø°Ô ÇØÁÝ´Ï´Ù.
5. CVE-2015-2308
HttpCache class, HttpKernel, Symfony 2.x, 2.3.27, 2.4.x, 2.5.x, 2.5.11, 2.6.x, 2.6.6 ÀÌÀü ¹öÀü¿¡¼ ¹ß°ßµÈ Eval injection Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ SCRIPT ¿ä¼Ò °¡¿îµ¥ php ¾ð¾î¸¦ ÅëÇØ ÀÓÀÇÀÇ PHP Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ°Ô ÇØÁÝ´Ï´Ù.
Copyrighted 2015. UBM-Tech. 117153:0515BC
[±¹Á¦ºÎ ÁÖ¼ÒÇü ±âÀÚ(sochu@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
ÁÖ¼ÒÇü±âÀÚ ±â»çº¸±â
[2024-11-01] 
.jpg)
