CVE-2017-7409, CVE-2017-7951
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 4¿ù 20ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 20ÀÏ¿¡¼ 21ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
1. CVE-2017-7990
Reporting Module 1.12.0 for OpenMRSÀÇ CSRF Ãë¾àÁ¡À¸·Î ÀÎÁõµÈ »ç¿ëÀÚ°¡ ÀÚ¹Ù½ºÅ©¸³Æ®¸¦ webapp/reports/manageReports.jspÀÇ À̸§ Çʵ忡 ÀÔ·ÂÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù.
2. CVE-2016-4075
Opera Mini 13¿Í Opera Stable 36 ¹öÀüÀÇ Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚµéÀÌ Ç¥½ÃµÈ URLÀ» Á¶ÀÛµÈ HTML ¹®¼¸¦ ÅëÇØ ½ºÇªÇÎÇÏ´Â °Ô °¡´ÉÇØÁø´Ù.
3. CVE-2017-7220
OpenText Documentum Content ServerÀÇ Ãë¾àÁ¡À¸·Î sys_obj_save³ª Á¶ÀÛµÈ °³Ã¼ ÀúÀåÀ» ÅëÇØ ÃÖ°í»ç¿ëÀÚ(superuser) ±ÇÇÑÀ» ÃëµæÇÏ´Â °Ô °¡´ÉÇØÁø´Ù. CVE-2015-4532ÀÇ ºÒ¿ÏÁ¤ÇÑ ÇȽº ¶§¹®¿¡ ¹ß»ýÇÑ Ãë¾àÁ¡ÀÌ´Ù.
4. CVE-2017-7409
Palo Alto Networks PAN-OS 7.0.15 ÀÌÀü ¹öÀüÀÇ GlobalProtect ¿ÜºÎ ÀÎÅÍÆäÀ̽ºÀÇ XSS Ãë¾àÁ¡À¸·Î Á¶ÀÛµÈ ¸Å°³º¯¼ö¸¦ ÅëÇØ °ø°ÝÀÌ °¡´ÉÇØÁø´Ù. PAN-SA-2017-0011 ȤÀº PAN-70674¿Í µ¿ÀÏÇÏ´Ù.
5. CVE-2017-7951
WonderCMS 2.0.3 ÀÌÀü ¹öÀüÀÇ CSRF Ãë¾àÁ¡ÀÌ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>