.jpg)
.jpg)
CVE-2017-17535, CVE-2017-7344, CVE-2017-10703
CVE-2017-5264, CVE-2017-16355
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 12¿ù 14ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 14ÀÏ¿¡¼ 15ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
.jpg)
1. CVE-2017-17535
Bob Hepple gjots2 2.4.1 ¹öÀüÀÇ lib/gui.pyÀÇ Ãë¾àÁ¡À¸·Î BROWSER ȯ°æ º¯¼ö°¡ ƯÁ¤ÇÑ ÇÁ·Î±×·¥À» ½ÃÀÛÇϱâ Àü¿¡ ¹®ÀÚ¿À» È®ÀÎÇÏÁö ¾Ê´Â´Ù. ÀÌ·Î½á ¿ø°ÝÀÇ °ø°ÝÀÚµéÀÌ argument-injection °ø°ÝÀ» ½Ç½ÃÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù.
2. CVE-2017-7344
Fortinet FortiClient Windows 5.4.3 ¹× ÀÌÀü ¹öÀüÀÇ ±ÇÇÑ »ó½Â Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ º¸¾È ¾Ë¶÷ ´ëÈâÀ» Á¶ÀÛÇØ ±ÇÇÑÀ» »ó½Â½Ãų ¼ö ÀÖ´Ù.
3. CVE-2016-10703
ecstatic npm package 2.0.0 ÀÌÀü ¹öÀüÀÇ lib/ecstatic.jsÀÇ DoS Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ ¾Ç¼ºÀ¸·Î Á¶ÀÛÇÑ ¹®ÀÚ¿À» ÅëÇØ ¼¹ö¸¦ ¸¶ºñ½Ãų ¼ö ÀÖ´Ù.
4. CVE-2017-5264
Nexpose 6.4.66 ÀÌÀü ¹öÀüµéÀÇ CSRF Ãë¾àÁ¡ÀÌ´Ù.
5. CVE-2017-16355
Phusion Passenger 5.1.10 ¹öÀüÀÇ agent/Core/SpawningKit/Spawner.hÀÇ Ãë¾àÁ¡ÀÌ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
CVE-2017-5264, CVE-2017-16355
[º¸¾È´º½º ¹®°¡¿ë ±âÀÚ] ÇöÁö ½Ã°¢À¸·Î 12¿ù 14ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 14ÀÏ¿¡¼ 15ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÌ´Ù.
[À̹ÌÁö = iclickart]
1. CVE-2017-17535
Bob Hepple gjots2 2.4.1 ¹öÀüÀÇ lib/gui.pyÀÇ Ãë¾àÁ¡À¸·Î BROWSER ȯ°æ º¯¼ö°¡ ƯÁ¤ÇÑ ÇÁ·Î±×·¥À» ½ÃÀÛÇϱâ Àü¿¡ ¹®ÀÚ¿À» È®ÀÎÇÏÁö ¾Ê´Â´Ù. ÀÌ·Î½á ¿ø°ÝÀÇ °ø°ÝÀÚµéÀÌ argument-injection °ø°ÝÀ» ½Ç½ÃÇÒ ¼ö ÀÖ°Ô ÇØÁØ´Ù.
2. CVE-2017-7344
Fortinet FortiClient Windows 5.4.3 ¹× ÀÌÀü ¹öÀüÀÇ ±ÇÇÑ »ó½Â Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ º¸¾È ¾Ë¶÷ ´ëÈâÀ» Á¶ÀÛÇØ ±ÇÇÑÀ» »ó½Â½Ãų ¼ö ÀÖ´Ù.
3. CVE-2016-10703
ecstatic npm package 2.0.0 ÀÌÀü ¹öÀüÀÇ lib/ecstatic.jsÀÇ DoS Ãë¾àÁ¡À¸·Î ¿ø°ÝÀÇ °ø°ÝÀÚ°¡ ¾Ç¼ºÀ¸·Î Á¶ÀÛÇÑ ¹®ÀÚ¿À» ÅëÇØ ¼¹ö¸¦ ¸¶ºñ½Ãų ¼ö ÀÖ´Ù.
4. CVE-2017-5264
Nexpose 6.4.66 ÀÌÀü ¹öÀüµéÀÇ CSRF Ãë¾àÁ¡ÀÌ´Ù.
5. CVE-2017-16355
Phusion Passenger 5.1.10 ¹öÀüÀÇ agent/Core/SpawningKit/Spawner.hÀÇ Ãë¾àÁ¡ÀÌ´Ù.
[±¹Á¦ºÎ ¹®°¡¿ë ±âÀÚ(globoan@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
¹®°¡¿ë±âÀÚ ±â»çº¸±â
[2024-11-01] 
