[º¸¾È´º½º ¹Î¼¼¾Æ] Apache Struts2¿¡¼ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ µîÀ» º¸¿ÏÇÑ º¸¾È ¾÷µ¥ÀÌÆ®°¡ ¹ßÇ¥µÆ´Ù. ÇØ´ç Ãë¾àÁ¡Àº ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2016-3081, CVE-2016-3082)ÀÌ´Ù.
¿µÇâ ¹Þ´Â ¹öÀüÀº Struts 2.0.0¹öÀüºÎÅÍ Struts 2.3.28¹öÀü±îÁöÀ̸ç, 2.3.20.3 ¹× 2.3.24.3¹öÀüÀº Á¦¿Ü´Ù.
Ãë¾àÁ¡À» ÇØ°áÇϱâ À§Çؼ´Â Struts 2.3.20.3, 2.3.24.3, 2.3.28.1¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ¸é µÈ´Ù.
ÀÌ¿Í °ü·Ã º¸´Ù ÀÚ¼¼ÇÑ »çÇ×Àº ¾Æ·¡ÀÇ Âü°í»çÀÌÆ®¸¦ È®ÀÎÇϰųª Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ(±¹¹ø ¾øÀÌ 118)·Î ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
1. http://struts.apache.org/download.cgi#struts23281
2. http://struts.apache.org/docs/version-notes-23281.html
3. http://struts.apache.org/docs/s2-031.html
4. http://struts.apache.org/docs/s2-032.html
[¹Î¼¼¾Æ ±âÀÚ(boan5@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>