°øÁö»çÇ×
º¸¾ÈÆÐÄ¡
°áÁ¦¹æ¹ý¾È³»
¼­ºñ½º ÀÌ¿ë¾à°ü
°³ÀÎÁ¤º¸Ãë±Þ¹æÄ§
ÀÚÁÖ¹¯´ÂÁú¹®
±â¼ú°¡À̵å
¹®ÀÇÇϱâ
Á¦ ¸ñ Apache Struts 2 ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í
ÀÛ¼ºÀÚ Çϳª·ÎÈ£½ºÆÃ ( hosting@hhosting.co.kr ) µî·ÏÁ¤º¸ 2013-07-22 09:57:24 Á¶È¸¼ö 24669
÷ºÎÆÄÀÏ: 20130719_CVE-2013-2251_¿ø°ÝÄÚµå½ÇÇà_Ãë¾àÁ¡_ºÐ¼®°á°ú.pdf (240.00 Kbytes)
2013³â 7¿ù 16ÀÏ, "Apache Struts 2" Á¦Ç°¿¡¼­ ¿ø°Ý¿¡¼­ ÀÓÀÇÀÇ Äڵ带 ½ÇÇàÇÒ ¼ö ÀÖ´Â Ãë¾àÁ¡ÀÌ ¹ß°ßµÇ¾úÀ¸¸ç,
ÇØ´ç Ãë¾àÁ¡À» ÀÌ¿ëÇÑ °ø°ÝÀÌ ±¹³»¿¡¼­µµ È®ÀεǾú½À´Ï´Ù.
ÀÌ¿¡ ±Í»ç ¹× ±Í»çÀÇ ¼­ºñ½º ÀÌ¿ëÀÚ¿¡°Ô ¾Æ·¡ÀÇ KrCERT º¸¾È°øÁö¸¦ Âü°íÇϽþî ÇØ´ç Ãë¾àÁ¡À» ÇØ°áÇÑ º¸¿Ï¾÷µ¥ÀÌÆ® Àû¿ëÀ» ±ä±ÞÈ÷ Àü´Þ ¿äûµå¸³´Ï´Ù.
¡Ø Á¶Ä¡°á°ú¿¡ ´ëÇØ¼­ ȸ½Å ºÎʵ右´Ï´Ù
========================================================================================================
¤± KrCERT ȨÆäÀÌÁö º¸¾È°øÁö
o Apache Struts 2 ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í (2013.7.18)
- °³¿ä
* Apache Struts 2¿¡¼­, ¿ø°ÝÄÚµå ½ÇÇà µîÀÇ Ãë¾àÁ¡ÀÌ ¹ß°ßµÊ [1],[2]
* °ø°ÝÀڴ Ư¼öÇÏ°Ô Á¶ÀÛÇÑ ÆÄ¶ó¹ÌÅ͸¦ Ãë¾àÁ¡ÀÌ Á¸ÀçÇÏ´Â ¼­¹ö·Î Àü¼ÛÇÒ °æ¿ì, ¿ø°ÝÄÚµå ½ÇÇà µîÀÌ °¡´ÉÇÔ
* Ãë¾àÇÑ ¹öÀüÀ» »ç¿ëÇϰí ÀÖÀ» °æ¿ì, ÇØÅ·¿¡ ÀÇÇØ ȨÆäÀÌÁö º¯Á¶, µ¥ÀÌÅͺ£À̽º Á¤º¸ À¯Ãâ µîÀÇ ÇÇÇØ¸¦ ÀÔÀ» ¼ö ÀÖÀ¸¹Ç·Î ¼­¹ö °ü¸®ÀÚÀÇ Àû±ØÀûÀÎ Á¶Ä¡ ÇÊ¿ä
- ¿µÇâ ¹Þ´Â ¼ÒÇÁÆ®¿þ¾î
* Apache Struts 2.3.15 ¹× ÀÌÀü¹öÀü
- ÇØ°á¹æ¾È
* Ãë¾àÇÑ Apache Struts 2 ¹öÀüÀ» ¿î¿ëÇϰíÀÖ´Â À¥¼­¹ö °ü¸®ÀÚ´Â 2.3.15.1 ÀÌ»ó ¹öÀüÀ¸·Î ¾÷±×·¹À̵å[3]

- ¿ë¾î Á¤¸®
* Apache Struts : ±â¾÷±Þ ÀÚ¹Ù À¥ ÇÁ·Î±×·¥ ±¸ÃàÀ» À§ÇÑ ÇÁ·¹ÀÓ ¿öÅ©

[Âü°í»çÀÌÆ®]
[1] http://struts.apache.org/release/2.3.x/docs/s2-016.html
[2] http://struts.apache.org/release/2.3.x/docs/s2-017.html
[3] http://struts.apache.org/download.cgi#struts23151
========================================================================================================
±âŸ ÇØ´ç Ãë¾àÁ¡ °ü·Ã ±â»ç ¹× Âü°í»çÀÌÆ®
o µ¥Àϸ®½ÃÅ¥ : Apache Struts2 »ç¿ë±â¾÷µé, ÇØÅ· ÇÇÇØ ´Ù¼ö ÀÖÀ» °Í!(http://www.dailysecu.co.kr/news_view.php?article_id=4827)
o ¾È·¦º¸¾Èºí·Î±× : Apache Struts2 ¿ø°Ý ÄÚµå ½ÇÇà Ãë¾àÁ¡(http://asec.ahnlab.com/957)
°¨»çÇÕ´Ï´Ù.
ÃÑ 173 °Ç
¹øÈ£ Á¦¸ñ µî·ÏÀÏ Á¶È¸¼ö
173 À©µµ¿ì RDP ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2019-05-16 2599
172 WannaCry(¿ö³ÊÅ©¶óÀÌ) ·£¼¶¿þ¾î ´ëÀÀ ¹æ¹ý ¾È³» 2017-05-15 11616
171 OpenSSL ±ä±Þ º¸¾È ¾÷µ¥ÀÌÆ® 2016-03-03 14952
170 À±ÃÊ(Leap Second) °ü·Ã ¹ö±× ³»¿ë ¹× ´ëÀÀ ¹æ¾È ¾È³» 2015-06-26 17507
169 HTTP.sys ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ 2015-04-17 17035
168 ¸®´ª½º Ghost Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2015-01-29 16209
=> Apache Struts 2 ¿ø°ÝÄÚµå ½ÇÇà Ãë¾àÁ¡ º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í 2013-07-22 24669
166 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(±×´©º¸µå) º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í 2011-04-28 29721
165 MS Internet Explorer ½Å±Ô ¿ø°ÝÄÚµå½ÇÇà Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 30695
164 ±¹³» °ø°³ À¥ °Ô½ÃÆÇ(Á¦·Îº¸µå) Ãë¾àÁ¡ ÁÖÀÇ - 2010-12-22 2010-12-22 29428
163 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 12¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-15 2010-12-15 26355
162 ¾ÖÇà ÄüŸÀÓ Ç÷¹ÀÌ¾î º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-12-09 2010-12-09 22126
161 Adobe Reader/Acrobat Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-17 2010-11-17 22269
160 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 11¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-10 2010-11-10 21342
159 Adobe Flash Player ´ÙÁß Ãë¾àÁ¡ º¸¾È ¾÷µ¥ÀÌÆ® ±Ç°í - 2010-11-05 2010-11-05 21737
158 Mozilla Firefox ¹× Thunderbird º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-28 2010-10-28 21535
157 Adobe Shockwave Player ½Å±Ô Ãë¾àÁ¡ ÁÖÀÇ - 2010-10-22 2010-10-22 21504
156 [MS º¸¾È¾÷µ¥ÀÌÆ®]2010³â 10¿ù MS Á¤±â º¸¾È¾÷µ¥ÀÌÆ® ±Ç°í - 2010-10-13 2010-10-13 21442
  [1] [2] [3] [4] [5] [6] [7] [8] [9] [10]  
1