.jpg)
CVE-2015-5997, CVE-2015-5998
[º¸¾È´º½º ÁÖ¼ÒÇü] ÇöÁö ½Ã°¢À¸·Î 14ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 14ÀÏ¿¡¼ 15ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÔ´Ï´Ù.
1. CVE-2014-9745
FreeType 2.5.3 ÀÌÀü ¹öÀüÀÇ parse_encoding ±â´É¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ Postscript ½ºÆ®¸² ¾È¿¡ ÀÖ´Â ¡°broken number-with-base¡±¸¦ ÅëÇØ ¼ºñ½º °ÅºÎ°¡ °¡´ÉÇÏ°Ô ÇÕ´Ï´Ù.
2. CVE-2015-1943
IBM WebSphere Portal 6.1.0.x-6.1.0.6 CF27, 6.1.5.x-6.1.5.3 CF27, 7.0.x-7.0.0.2 CF29, 8.0.x, 8.0.0.1 CF17, 8.5.0, CF06 ÀÌÀü ¹öÀü¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ Á¶ÀÛµÈ ¿äûÀ» ÅëÇØ ¼ºñ½º °ÅºÎ¸¦ °¡´ÉÇÏ°Ô ÇÕ´Ï´Ù.
3. CVE-2015-4980
IBM WebSphere Commerce 7.0.0.6-7.0.0.9 ¹öÀü¿¡¼ ¹ß°ßµÈ ¸í½ÃµÇÁö ¾ÊÀº Ãë¾àÁ¡À¸·Î ÀÎÁõµÈ »ç¿ëÀÚ°¡ ¿ø°Ý¿¡¼ ¾Ë·ÁÁöÁö ¾ÊÀº º¤Å͸¦ ÅëÇØ ¹Î°¨ÇÑ °³ÀÎÁ¤º¸¸¦ Å»ÃëÇÒ ¼ö ÀÖ½À´Ï´Ù.
4. CVE-2015-5997
Impero Education Pro 5105 ÀÌÀü ¹öÀü¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î Çϵå ÄÚµåµÈ CBC key ¹× ÃʱâÈ ¼³Á¤ º¤Å͸¦ »ç¿ëÇÕ´Ï´Ù. ÀÌ·Î ÀÎÇØ °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ³×Æ®¿öÅ©¸¦ ½º´ÏÇÎ(sniffing)ÇÏ¿© plaintext µ¥ÀÌÅ͸¦ Å»ÃëÇÒ ¼ö ÀÖ½À´Ï´Ù.
5. CVE-2015-5998
Impero Education Pro 5105 ÀÌÀü ¹öÀü¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ¾ÏÈ£ÈµÈ ¸í·É¾î¸¦ ÅëÇØ ÀÓÀÇÀÇ ÇÁ·Î±×·¥À» ½ÇÇàÇÒ ¼ö ÀÖ½À´Ï´Ù.
Copyrighted 2015. UBM-Tech. 117153:0515BC
[±¹Á¦ºÎ ÁÖ¼ÒÇü ±âÀÚ(sochu@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(http://www.boannews.com/) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
ÁÖ¼ÒÇü±âÀÚ ±â»çº¸±â
[2024-11-22] .jpg)
.jpg)
.jpg)
.jpg)
.jpg)
