\u25a1 \uac1c\uc694<\/p>\n\n\n\n
\u00a0o\u00a0\ucd5c\uadfc\u00a0Apache Tomcat\uc758 \uc6d0\uaca9\ucf54\ub4dc\uc2e4\ud589 \ucde8\uc57d\uc810(CVE-2020-1938)\uc744 \uc545\uc6a9\ud560 \uc218 \uc788\ub294 \uac1c\ub150\uc99d\uba85\ucf54\ub4dc(Proof of concept code, PoC)\uac00 \uc778\ud130\ub137\uc0c1\uc5d0 \uacf5\uac1c\ub418\uc5b4 \uc0ac\uc6a9\uc790\uc758 \ubcf4\uc548 \uac15\ud654 \ud544\uc694
\u203b\u00a0\uac1c\ub150\uc99d\uba85\ucf54\ub4dc\u00a0:\u00a0\ucde8\uc57d\uc810\uc744 \uc99d\uba85\/\uac80\uc99d\ud560 \uc218 \uc788\ub294 \ud504\ub85c\uadf8\ub7a8 \ub610\ub294 \uc18c\uc2a4\ucf54\ub4dc<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u25a1 \uc124\uba85<\/p>\n\n\n\n
\u00a0o Tomcat\uc774\u00a0AJP request\u00a0\uba54\uc2dc\uc9c0\ub97c \ucc98\ub9ac\ud560 \ub54c,\u00a0\uba54\uc2dc\uc9c0\uc5d0 \ub300\ud55c \ucc98\ub9ac\uac00 \ubbf8\ud761\ud558\uc5ec \ubc1c\uc0dd\ud558\ub294 \uc6d0\uaca9\ucf54\ub4dc\uc2e4\ud589 \ucde8\uc57d\uc810(CVE-2020-1938)
\u00a0 \u203b\u00a0AJP(Apache JServ Protocol) :\u00a0\uc6f9\uc11c\ubc84\uc640 \uc5b4\ud50c\ub9ac\ucf00\uc774\uc158 \uc11c\ubc84 \uac04 \uc5f0\uacb0 \uc694\uccad\uc744\u00a08009\ud3ec\ud2b8\ub97c \uc0ac\uc6a9\ud558\uc5ec\u00a0\uc804\ub2ec\ud558\ub294 \ud504\ub85c\ud1a0\ucf5c(\ubaa8\ub2c8\ud130\ub9c1 \uae30\ub2a5 \uc9c0\uc6d0)<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u25a1 \uc601\ud5a5\uc744 \ubc1b\ub294 \ubc84\uc804<\/p>\n\n\n\n
\u00a0o Apache Tomcat
\u00a0 – 9.0.0.M1 ~ 9.0.30
\u00a0 – 8.5.0 ~ 8.5.50
\u00a0 – 7.0.0 ~ 7.0.99
\u00a0 \u203b\u00a0\uc0c1\uae30 \ubc84\uc804\uc740\u00a0AJP\u00a0\ucee4\ub125\ud130\uac00 \uae30\ubcf8\uc73c\ub85c \ud65c\uc131\ud654\ub418\uc5b4 \ucde8\uc57d\uc810\uc5d0 \uc601\ud5a5 \ubc1b\uc74c<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u25a1 \ud574\uacb0 \ubc29\uc548<\/p>\n\n\n\n
\u00a0o\u00a0\uac01 \ubc84\uc804\uc5d0 \ud574\ub2f9\ub418\ub294 \ud398\uc774\uc9c0\ub97c \ucc38\uace0\ud558\uc5ec \ucd5c\uc2e0 \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8 \uc801\uc6a9
\u00a0 – 7.0.100\u00a0\uc774\uc0c1 \ubc84\uc804\u00a0[2]\u00a0 – 8.5.51\u00a0\uc774\uc0c1 \ubc84\uc804\u00a0[3]\u00a0 – 9.0.31\u00a0\uc774\uc0c1 \ubc84\uc804\u00a0[4]\n\n\n\n
\u00a0o\u00a0\uc784\uc2dc \uc870\uce58 \ubc29\uc548(\ud328\uce58 \uc801\uc6a9\uc774 \uc5b4\ub824\uc6b4 \uacbd\uc6b0)
\u00a0 – AJP\u00a0\uae30\ub2a5\uc774 \ubd88\ud544\uc694\ud55c \uacbd\uc6b0\u00a0Connector\u00a0\ube44\ud65c\uc131\ud654
\u00a0 \u00a0\u00b7\u00a0conf\/server.xml\u00a0\uc124\uc815 \ud30c\uc77c \ub0b4\u00a0AJP Connector\u00a0\uae30\ub2a5 \uc8fc\uc11d\ucc98\ub9ac<\/p>\n\n\n\n
<\/p>\n\n\n\n
\u25a1 \uae30\ud0c0 \ubb38\uc758\uc0ac\ud56d<\/p>\n\n\n\n
\u00a0o\u00a0\ud55c\uad6d\uc778\ud130\ub137\uc9c4\ud765\uc6d0 \uc0ac\uc774\ubc84\ubbfc\uc6d0\uc13c\ud130:\u00a0\uad6d\ubc88\uc5c6\uc774\u00a0118<\/p>\n\n\n\n
<\/p>\n\n\n\n[\ucc38\uace0\uc0ac\uc774\ud2b8]\n\n\n\n[1]\u00a0https:\/\/lists.apache.org\/thread.html\/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E<\/a> \u25a1 \uac1c\uc694 \u00a0o\u00a0\ucd5c\uadfc\u00a0Apache Tomcat\uc758 \uc6d0\uaca9\ucf54\ub4dc\uc2e4\ud589 \ucde8\uc57d\uc810(CVE-2020-1938)\uc744 \uc545\uc6a9\ud560 \uc218 \uc788\ub294 \uac1c\ub150\uc99d\uba85\ucf54\ub4dc(Proof of concept code, PoC)\uac00 \uc778\ud130\ub137\uc0c1\uc5d0 \uacf5\uac1c\ub418\uc5b4 \uc0ac\uc6a9\uc790\uc758 \ubcf4\uc548 \uac15\ud654 \ud544\uc694 \u203b\u00a0\uac1c\ub150\uc99d\uba85\ucf54\ub4dc\u00a0:\u00a0\ucde8\uc57d\uc810\uc744…<\/p>\n","protected":false},"author":1,"featured_media":11259,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[1],"tags":[149,150,151],"class_list":["post-11255","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-apache","tag-tomcat","tag-151"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nori.company\/wp\/wp-content\/uploads\/2020\/03\/1280px-Apache_Software_Foundation_Logo_2016.svg_.png","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/pa3PO4-2Vx","jetpack-related-posts":[{"id":20606,"url":"https:\/\/nori.company\/?p=20606","url_meta":{"origin":11255,"position":0},"title":"Apache Log4j 2 \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8 \uad8c\uace0","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2021\ub144 12\uc6d4 15\uc77c","format":false,"excerpt":"\u25a1 \uac1c\uc694\u00a0o Apache \uc18c\ud504\ud2b8\uc6e8\uc5b4 \uc7ac\ub2e8\uc740 \uc790\uc0ac\uc758 Log4j 2\uc5d0\uc11c \ubc1c\uc0dd\ud558\ub294 \ucde8\uc57d\uc810\uc744 \ud574\uacb0\ud55c \ubcf4\uc548 \uc5c5\ub370\uc774\ud2b8 \uad8c\uace0[1]\u00a0o \uacf5\uaca9\uc790\ub294 \ud574\ub2f9 \ucde8\uc57d\uc810\uc744 \uc774\uc6a9\ud558\uc5ec \uc545\uc131\ucf54\ub4dc \uac10\uc5fc \ub4f1\uc758 \ud53c\ud574\ub97c \ubc1c\uc0dd\uc2dc\ud0ac\uc218 \uc788\uc73c\ubbc0\ub85c, \ucd5c\uc2e0 \ubc84\uc804\uc73c\ub85c \uc5c5\ub370\uc774\ud2b8 \uad8c\uace0\u00a0 \u00a0\u203b \uad00\ub828 \uc0ac\ud56d\uc740 \ucc38\uace0\uc0ac\uc774\ud2b8 [6] \"QnA \ud615\uc2dd\uc73c\ub85c \uc54c\uc544\ubcf4\ub294 Apache log4j \ucde8\uc57d\uc810 \ub300\uc751 \uac00\uc774\ub4dc\"\ub97c \ucc38\uace0 \ubc14\ub78d\ub2c8\ub2e4.\u00a0\u25a1 \uc8fc\uc694 \ub0b4\uc6a9\u00a0o Apache Log4j 2*\uc5d0\uc11c \ubc1c\uc0dd\ud558\ub294 \uc6d0\uaca9\ucf54\ub4dc\u2026","rel":"","context":""News"\uc5d0\uc11c","block_context":{"text":"News","link":"https:\/\/nori.company\/?cat=1"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/nori.company\/wp\/wp-content\/uploads\/2021\/12\/img-scaled.jpg?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":11991,"url":"https:\/\/nori.company\/?p=11991","url_meta":{"origin":11255,"position":1},"title":"\uc790\ubc14\ud504\ub85c\uc81d\ud2b8 July 30, 2020 at 05:32PM","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2020\ub144 7\uc6d4 30\uc77c","format":false,"excerpt":"*DB\uc190\ud574\ubcf4\ud5d8 - \ubbf8\ub4e4\uc6e8\uc5b4 (\uc6b4\uc601) \uc2a4\ud0acA : Unix, WebSphere, Tomcat, Apache (\uc911\uae09) \uc2a4\ud0acB : Windows, Linux, WebSphere, Tomcat, Apache (\ucd08\uae09) \uae30\uac04 : (08.19 \/ 09.01) ~ 2021.06 (+\ub144\ub2e8\uc704) \ub4f1\uae09 : \uc911\uae09 1\uba85, \ucd08\uae09 1\uba85 \uc7a5\uc18c : \uc8fd\uc804\uc5ed (\uc6a9\uc778\uc2dc \uc218\uc9c0\uad6c \ub514\uc9c0\ud138\ubca8\ub9ac\ub85c 61) http:\/\/twitter.com\/Java_Project\/status\/1288754424832094208","rel":"","context":""Outsourcing"\uc5d0\uc11c","block_context":{"text":"Outsourcing","link":"https:\/\/nori.company\/?cat=103"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15507,"url":"https:\/\/nori.company\/?p=15507","url_meta":{"origin":11255,"position":2},"title":"\uc774\uae00\ub8e8\uc2dc\ud050\ub9ac\ud2f0, \uc778\uacf5\uc9c0\ub2a5\u00b7\ucde8\uc57d\uc810 \uc9c4\ub2e8 \uad00\ub828 \ud2b9\ud5c8 5\uac74 \ucde8\ub4dd","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2021\ub144 3\uc6d4 11\uc77c","format":false,"excerpt":"\uc774\uae00\ub8e8\uc2dc\ud050\ub9ac\ud2f0(\ub300\ud45c \uc774\ub4dd\ucd98)\ub294 5\uac74\uc758 \uc778\uacf5\uc9c0\ub2a5(AI)\u00b7\ucde8\uc57d\uc810 \uc9c4\ub2e8 \uad00\ub828 \ud2b9\ud5c8 \ub4f1\ub85d\uc744 \uc644\ub8cc\ud588\ub2e4\uace0 11\uc77c \ubc1d\ud614\ub2e4. \ubcf8 \ud2b9\ud5c8\ub294 \uc9c0\ub3c4\ud559\uc2b5 \uba38\uc2e0\ub7ec\ub2dd \uc54c\uace0\ub9ac\uc998\uacfc \ubcf4\uc548 \ucde8\uc57d\uc810 \uc9c4\ub2e8\uc758 \ud6a8\uc728\uc131\uc744 \ub192\uc774\ub294 \ub370 \ubaa9\uc801\uc744 \ub450\uace0 \uc788\ub2e4.2\uac74\uc758 AI \ud2b9\ud5c8\ub294 \ubcf4\uc548 \uc774\ubca4\ud2b8 \ub370\uc774\ud130\ub97c \uc778\uacf5\uc9c0\ub2a5\uc774 \ud559\uc2b5\ud560 \uc218 \uc788\ub294 \ud615\ud0dc\ub85c \uac00\uacf5\ud558\ub294 \u2018\ub808\uc774\ube14\ub9c1(Labeling)\u2019 \uc791\uc5c5\uacfc \uce68\ud574 \uc0ac\uace0 \ub300\uc751\uc744 \uc704\ud55c \uce68\ud574 \ub300\uc751 \uc9c0\uc2dc\uc11c \uc0dd\uc131\uc758 \uc815\ud655\uc131\uc744 \ub192\uc774\ub294 \uae30\uc220\uc774\ub2e4. \ub8f0\u00b7\ud1b5\uacc4\ub97c\u2026","rel":"","context":""AI"\uc5d0\uc11c","block_context":{"text":"AI","link":"https:\/\/nori.company\/?cat=155"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11615,"url":"https:\/\/nori.company\/?p=11615","url_meta":{"origin":11255,"position":3},"title":"\uc790\ubc14\ud504\ub85c\uc81d\ud2b8 May 25, 2020 at 07:27PM","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2020\ub144 5\uc6d4 25\uc77c","format":false,"excerpt":"*GS\ud648\uc1fc\ud551 - \ubbf8\ub4e4\uc6e8\uc5b4 (WEB\/WAS) (\uc6b4\uc601) \uc2a4\ud0ac : Apache\/Tomcat\/Nginx, Unix, Linux, \ud074\ub77c\uc6b0\ub4dc(AWS \ub4f1) \uae30\uac04 : 06.01 ~ \ub144\ub2e8\uc704 \ub4f1\uae09 : \uace0\uae09~\uc911\uae09 1\uba85 \uc7a5\uc18c : \ubb38\ub798\ub3d9 http:\/\/twitter.com\/Java_Project\/status\/1264865606458724357","rel":"","context":""Outsourcing"\uc5d0\uc11c","block_context":{"text":"Outsourcing","link":"https:\/\/nori.company\/?cat=103"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11720,"url":"https:\/\/nori.company\/?p=11720","url_meta":{"origin":11255,"position":4},"title":"\uc790\ubc14\ud504\ub85c\uc81d\ud2b8 June 11, 2020 at 04:49PM","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2020\ub144 6\uc6d4 11\uc77c","format":false,"excerpt":"*DB\uc190\ubcf4 - \ubbf8\ub4e4\uc6e8\uc5b4 (\uc6b4\uc601) \uc2a4\ud0ac : Linux, WAS (WebSphere, Jeus, Tomcat, Apache) \uae30\uac04 : 07.01 ~ 2021.06 (+\ub144\ub2e8\uc704) \ub4f1\uae09 : \uace0\uae09 1\uba85 \uc7a5\uc18c : \uc8fd\uc804\uc5ed (\uc6a9\uc778\uc2dc \uc218\uc9c0\uad6c \ub514\uc9c0\ud138\ubca8\ub9ac\ub85c 61) http:\/\/twitter.com\/Java_Project\/status\/1270986414713274369","rel":"","context":""Outsourcing"\uc5d0\uc11c","block_context":{"text":"Outsourcing","link":"https:\/\/nori.company\/?cat=103"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":11115,"url":"https:\/\/nori.company\/?p=11115","url_meta":{"origin":11255,"position":5},"title":"\uc790\ubc14\ud504\ub85c\uc81d\ud2b8 February 27, 2020 at 07:26AM","author":"\ub178\ub9ac\ucef4\ud37c\ub2c8","date":"2020\ub144 2\uc6d4 27\uc77c","format":false,"excerpt":"*DB\uc190\ubcf4 - NT OS (\uc6b4\uc601) \uc2a4\ud0ac : SE (Linux, Windows OS, APACHE\/TOMCAT) \uae30\uac04 : 03.06 ~ 2021.06 (+\ub144\ub2e8\uc704) \ub4f1\uae09 : \ucd08\uae09 1\uba85 \uc7a5\uc18c : \uc8fd\uc804\uc5ed (\uc6a9\uc778\uc2dc \uc218\uc9c0\uad6c \ub514\uc9c0\ud138\ubca8\ub9ac\ub85c 61) http:\/\/twitter.com\/Java_Project\/status\/1232793975334948866","rel":"","context":""Outsourcing"\uc5d0\uc11c","block_context":{"text":"Outsourcing","link":"https:\/\/nori.company\/?cat=103"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/posts\/11255","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nori.company\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=11255"}],"version-history":[{"count":3,"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/posts\/11255\/revisions"}],"predecessor-version":[{"id":11258,"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/posts\/11255\/revisions\/11258"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nori.company\/index.php?rest_route=\/wp\/v2\/media\/11259"}],"wp:attachment":[{"href":"https:\/\/nori.company\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=11255"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nori.company\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=11255"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nori.company\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=11255"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
[2]\u00a0http:\/\/tomcat.apache.org\/security-7.html<\/a>
[3]\u00a0http:\/\/tomcat.apache.org\/security-8.html<\/a>
[4]\u00a0http:\/\/tomcat.apache.org\/security-9.html<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"