CVE-2015-7986, CVE-2015-5240, CVE-2015-5220
CVE-2015-5188, CVE-2015-5178
[º¸¾È´º½º ÁÖ¼ÒÇü] ÇöÁö ½Ã°¢À¸·Î 10¿ù 27ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 27ÀÏ¿¡¼ 28ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÔ´Ï´Ù.
1. CVE-2015-7986
SAP HANA 1.00.095 ¹öÀüÀÇ À妽º ¼¹ö¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ HTTP ¿äûÀ» ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇà½ÃÅ°°Å³ª ¼ºñ½º °ÅºÎ¸¦ ÇÒ ¼ö ÀÖ½À´Ï´Ù. SAP Security Note 2197428¿Í ³»¿ëÀÌ °°½À´Ï´Ù.
2. CVE-2015-5240
OpenStack Neutron 2014.2.4, 2015.1, 2015.1.2 ÀÌÀü ¹öÀüÀÇ ·¹À̽º ÄÁµð¼Ç¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ÀÎÁõµÈ »ç¿ëÀÚ°¡ ±â±â º¯°æÀ» ÅëÇØ IP ¾ÈƼ ½ºÇªÇÎ ÅëÁ¦¸¦ ¿ìȸÇÒ ¼ö ÀÖ½À´Ï´Ù.
3. CVE-2015-5220
Red Hat Enterprise Application Platform(EAP) 6.4.4 ÀÌÀü ¹öÀü ¹× WildFlyÀÇ À¥ Äֿܼ¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ¸¹Àº ¾çÀÇ ¿äû Çì´õ¸¦ ÅëÇØ ¼ºñ½º °ÅºÎ¸¦ ÇÒ ¼ö ÀÖ½À´Ï´Ù.
4. CVE-2015-5188
Red Hat Enterprise Application Platform 6.4.4 ¹öÀü ¹× WildFly 2.0.0.CR9 ÀÌÀü ¹öÀüÀÇ À¥ Äֿܼ¡¼ ¹ß°ßµÈ CSRF Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ multipart/form-data Á¦ÃâÀ» »ç¿ëÇÏ¿© ÆÄÀÏÀ» ¾÷·ÎµåÇÏ´Â º¤Å͸¦ ÅëÇØ °ü¸®ÀÚ ÀÎÁõÀ» ³³Ä¡ÇÒ ¼ö ÀÖ½À´Ï´Ù.
5. CVE-2015-5178
Red Hat Enterprise Application Platform 6.4.4 ÀÌÀü ¹öÀü ¹× WildFly¿¡¼ ¹ß°ßµÈ °ü¸® Äֿܼ¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ (1 FRAME, 2) IFRAME ¿ä¼Ò¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Â Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ ÅëÇØ Å¬¸¯ÀçÅ·(clickjacking) °ø°ÝÀ» ÇÒ ¼ö ÀÖ½À´Ï´Ù.
[±¹Á¦ºÎ ÁÖ¼ÒÇü ±âÀÚ(sochu@boannews.com)]
CVE-2015-5188, CVE-2015-5178
[º¸¾È´º½º ÁÖ¼ÒÇü] ÇöÁö ½Ã°¢À¸·Î 10¿ù 27ÀÏ, ¿ì¸®³ª¶ó ½Ã°£À¸·Î´Â ´ë·« 27ÀÏ¿¡¼ 28ÀÏ·Î ³Ñ¾î¿À´Â ¹ã »çÀÌ¿¡ ¹Ì±¹ÀÇ National Vulnerability DatabaseÀ» ÅëÇØ ¹ßÇ¥µÈ Ãë¾àÁ¡µéÀÔ´Ï´Ù.
1. CVE-2015-7986
SAP HANA 1.00.095 ¹öÀüÀÇ À妽º ¼¹ö¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ HTTP ¿äûÀ» ÅëÇØ ÀÓÀÇÀÇ Äڵ带 ½ÇÇà½ÃÅ°°Å³ª ¼ºñ½º °ÅºÎ¸¦ ÇÒ ¼ö ÀÖ½À´Ï´Ù. SAP Security Note 2197428¿Í ³»¿ëÀÌ °°½À´Ï´Ù.
2. CVE-2015-5240
OpenStack Neutron 2014.2.4, 2015.1, 2015.1.2 ÀÌÀü ¹öÀüÀÇ ·¹À̽º ÄÁµð¼Ç¿¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î ÀÎÁõµÈ »ç¿ëÀÚ°¡ ±â±â º¯°æÀ» ÅëÇØ IP ¾ÈƼ ½ºÇªÇÎ ÅëÁ¦¸¦ ¿ìȸÇÒ ¼ö ÀÖ½À´Ï´Ù.
3. CVE-2015-5220
Red Hat Enterprise Application Platform(EAP) 6.4.4 ÀÌÀü ¹öÀü ¹× WildFlyÀÇ À¥ Äֿܼ¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ ¸¹Àº ¾çÀÇ ¿äû Çì´õ¸¦ ÅëÇØ ¼ºñ½º °ÅºÎ¸¦ ÇÒ ¼ö ÀÖ½À´Ï´Ù.
4. CVE-2015-5188
Red Hat Enterprise Application Platform 6.4.4 ¹öÀü ¹× WildFly 2.0.0.CR9 ÀÌÀü ¹öÀüÀÇ À¥ Äֿܼ¡¼ ¹ß°ßµÈ CSRF Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ multipart/form-data Á¦ÃâÀ» »ç¿ëÇÏ¿© ÆÄÀÏÀ» ¾÷·ÎµåÇÏ´Â º¤Å͸¦ ÅëÇØ °ü¸®ÀÚ ÀÎÁõÀ» ³³Ä¡ÇÒ ¼ö ÀÖ½À´Ï´Ù.
5. CVE-2015-5178
Red Hat Enterprise Application Platform 6.4.4 ÀÌÀü ¹öÀü ¹× WildFly¿¡¼ ¹ß°ßµÈ °ü¸® Äֿܼ¡¼ ¹ß°ßµÈ Ãë¾àÁ¡À¸·Î °ø°ÝÀÚ°¡ ¿ø°Ý¿¡¼ (1 FRAME, 2) IFRAME ¿ä¼Ò¸¦ Æ÷ÇÔÇÏ°í ÀÖ´Â Á¶ÀÛµÈ À¥ ÆäÀÌÁö¸¦ ÅëÇØ Å¬¸¯ÀçÅ·(clickjacking) °ø°ÝÀ» ÇÒ ¼ö ÀÖ½À´Ï´Ù.
[±¹Á¦ºÎ ÁÖ¼ÒÇü ±âÀÚ(sochu@boannews.com)]
<ÀúÀÛ±ÇÀÚ: º¸¾È´º½º(www.boannews.com) ¹«´ÜÀüÀç-Àç¹èÆ÷±ÝÁö>
ÁÖ¼ÒÇü±âÀÚ ±â»çº¸±â
[2025-04-07] 
.png)
