Struts ÇÁ·¹ÀÓ¿öÅ© Äھ¼ »ç¿ëÀÚ µ¥ÀÌÅÍ °ËÁõ ¹ÌÈíÀ¸·Î ¿ø°ÝÄÚµå ½ÇÇàµÉ ¼ö ÀÖ¾î
Struts 2.3 ¢¦ 2.3.34 ¹öÀü°ú Struts 2.5 ¢¦ 2.5.16 ¹öÀü »ç¿ëÀÚ, ¾÷µ¥ÀÌÆ® Àû¿ëÇؾß
[º¸¾È´º½º ±è°æ¾Ö ±âÀÚ] Apache Struts¿¡¼ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. ³·Àº ¹öÀüÀ» »ç¿ë ÁßÀÎ ½Ã½ºÅÛÀº ¾Ç¼ºÄÚµå °¨¿°¿¡ Ãë¾àÇÒ ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
À̹ø¿¡ ¹ß°ßµÈ Ãë¾àÁ¡Àº Struts ÇÁ·¹ÀÓ¿öÅ©ÀÇ Äھ¼ »ç¿ëÀÚÀÇ µ¥ÀÌÅÍ¿¡ ´ëÇÑ °ËÁõÀÌ ¹ÌÈíÇØ ¹ß»ýÇÏ´Â ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2018-11776)ÀÌ´Ù.
¿µÇâÀ» ¹Þ´Â Á¦Ç°Àº Struts 2.3 ~2.3.34 ¹öÀü°ú Struts 2.5~2.5.16 ¹öÀüÀÌ´Ù.
Struts 2.3~2.3.34 ¹öÀü »ç¿ëÀÚ´Â ÇØ´ç »çÀÌÆ®¸¦ Âü°íÇØ 2.3.35 ¹öÀüÀ¸·Î, truts 2.5~2.5.16 ¹öÀü »ç¿ëÀÚ´Â ÇØ´ç »çÀÌÆ®¸¦ Âü°íÇØ 2.5.17 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® Àû¿ëÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
Á»´õ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ¿¡ ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1] https://cwiki.apache.org/confluence/display/WW/S2-057
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11776
[3] https://struts.apache.org/download.cgi
[±è°æ¾Ö ±âÀÚ(boan3@boannews.com)]
Struts 2.3 ¢¦ 2.3.34 ¹öÀü°ú Struts 2.5 ¢¦ 2.5.16 ¹öÀü »ç¿ëÀÚ, ¾÷µ¥ÀÌÆ® Àû¿ëÇؾß
[º¸¾È´º½º ±è°æ¾Ö ±âÀÚ] Apache Struts¿¡¼ ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ÀÌ ¹ß°ßµÆ´Ù. ³·Àº ¹öÀüÀ» »ç¿ë ÁßÀÎ ½Ã½ºÅÛÀº ¾Ç¼ºÄÚµå °¨¿°¿¡ Ãë¾àÇÒ ¼ö ÀÖÀ¸¹Ç·Î, ÃֽŠ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ®ÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
[À̹ÌÁö=cwiki.apache »çÀÌÆ®]
À̹ø¿¡ ¹ß°ßµÈ Ãë¾àÁ¡Àº Struts ÇÁ·¹ÀÓ¿öÅ©ÀÇ Äھ¼ »ç¿ëÀÚÀÇ µ¥ÀÌÅÍ¿¡ ´ëÇÑ °ËÁõÀÌ ¹ÌÈíÇØ ¹ß»ýÇÏ´Â ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡(CVE-2018-11776)ÀÌ´Ù.
¿µÇâÀ» ¹Þ´Â Á¦Ç°Àº Struts 2.3 ~2.3.34 ¹öÀü°ú Struts 2.5~2.5.16 ¹öÀüÀÌ´Ù.
Struts 2.3~2.3.34 ¹öÀü »ç¿ëÀÚ´Â ÇØ´ç »çÀÌÆ®¸¦ Âü°íÇØ 2.3.35 ¹öÀüÀ¸·Î, truts 2.5~2.5.16 ¹öÀü »ç¿ëÀÚ´Â ÇØ´ç »çÀÌÆ®¸¦ Âü°íÇØ 2.5.17 ¹öÀüÀ¸·Î ¾÷µ¥ÀÌÆ® Àû¿ëÇÏ´Â °ÍÀÌ ¹Ù¶÷Á÷ÇÏ´Ù.
Á»´õ ÀÚ¼¼ÇÑ »çÇ×Àº Çѱ¹ÀÎÅͳÝÁøÈï¿ø ÀÎÅͳÝħÇØ´ëÀÀ¼¾ÅÍ¿¡ ¹®ÀÇÇÏ¸é µÈ´Ù.
[Âü°í»çÀÌÆ®]
[1] https://cwiki.apache.org/confluence/display/WW/S2-057
[2] https://nvd.nist.gov/vuln/detail/CVE-2018-11776
[3] https://struts.apache.org/download.cgi
[±è°æ¾Ö ±âÀÚ(boan3@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
±è°æ¾Ö±âÀÚ ±â»çº¸±â
[2024-11-25] .jpg)
.jpg)
.jpg)
.jpg)
.jpg)
