Title: Advisory to Update for the Apache Struts Remote Code Execution Vulnerability
Author: Administrator ( se@hhosting.co.kr )  Posted: 2017-03-10 10:48:29  Views: 24035
□ Overview
o A security update has been released that fixes a vulnerability in Apache Struts allowing arbitrary code execution [1]
o Administrators of servers running a vulnerable version are advised to update to the latest version as described under Resolution

□ Details
o A vulnerability (CVE-2017-5638) that allows remote code execution by tampering with the Content-Type header of the HTTP request when a file upload is handled by the Jakarta Multipart parser

□ Affected Products and Versions
o Apache Struts versions 2.3.5 to 2.3.31
o Apache Struts versions 2.5 to 2.5.10
※ How to check the version: check the version of the /WEB-INF/lib/struts-core.x.x.jar file under the web directory
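
The version check above can be run across a whole web root. The following is an added example, not part of the original advisory; it assumes the jar is named `struts-core-<version>.jar` or `struts2-core-<version>.jar` and reads the version from the file name only. The directory tree built in `demo()` is constructed sample data.

```python
import os
import re
import tempfile

# Affected ranges exactly as listed in the advisory (inclusive bounds).
AFFECTED = [((2, 3, 5), (2, 3, 31)), ((2, 5), (2, 5, 10))]
# Assumption: jar is named struts-core-<ver>.jar or struts2-core-<ver>.jar.
JAR_RE = re.compile(r"^struts2?-core[-.](\d+(?:\.\d+)*)\.jar$")


def pad(version, width=4):
    """Right-pad a version tuple with zeros so 2.5 and 2.5.10.1 compare correctly."""
    return tuple(version) + (0,) * (width - len(version))


def is_affected(version_text):
    """True if a dotted numeric version falls inside a range the advisory lists."""
    v = pad(tuple(int(p) for p in version_text.split(".")))
    return any(pad(lo) <= v <= pad(hi) for lo, hi in AFFECTED)


def scan(webroot):
    """Return sorted (path, version, affected) for each Struts core jar in a WEB-INF/lib."""
    findings = []
    for dirpath, _dirs, files in os.walk(webroot):
        if not dirpath.replace(os.sep, "/").endswith("WEB-INF/lib"):
            continue
        for name in files:
            m = JAR_RE.match(name)
            if m:
                findings.append((os.path.join(dirpath, name), m.group(1), is_affected(m.group(1))))
    return sorted(findings)


def demo():
    """Build a constructed tree of empty placeholder jars and scan it."""
    with tempfile.TemporaryDirectory() as root:
        for app, jar in [("shop", "struts2-core-2.3.31.jar"),
                         ("blog", "struts2-core-2.5.10.1.jar"),
                         ("old", "struts2-core-2.3.4.1.jar")]:
            lib = os.path.join(root, app, "WEB-INF", "lib")
            os.makedirs(lib)
            open(os.path.join(lib, jar), "w").close()
        return [(os.path.basename(p), v, a) for p, v, a in scan(root)]


if __name__ == "__main__":
    for name, ver, affected in demo():
        print(f"{name}: {ver} -> {'AFFECTED (CVE-2017-5638)' if affected else 'outside listed ranges'}")
```

Call `scan()` with the real web root in place of the constructed tree; a renamed or repackaged jar will not be matched by file name, so treat an empty result as inconclusive.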

□ Resolution
o Update to a version in which the vulnerability is fixed
- Apache Struts version 2.3.32 [2]
- Apache Struts version 2.5.10.1 [3]
o Apply strict filtering to Content-Type and prohibit its use with OGNL expressions
o Delete the commons-fileupload-x.x.x.jar file
※ Deleting this file disables the upload feature

□ Other Inquiries
o Korea Internet & Security Agency (KISA) Internet Incident Response Center: dial 118 (no area code)

[References]
[1] https://cwiki.apache.org/confluence/display/WW/S2-045
[2] https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.3.32
[3] https://cwiki.apache.org/confluence/display/WW/Version+Notes+2.5.10.1