[Tomcat] Tomcat Security Vulnerability (CVE-2020-1938)
HalfStroage
2020. 4. 16. 15:46
Attacks exploiting the remote code execution vulnerability in Apache Tomcat (CVE-2020-1938) are increasing.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
CVE - CVE-2020-1938
When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an a
cve.mitre.org
1. Apache Tomcat versions in which the vulnerability was found
9.0.0.M1 ~ 9.0.30
8.5.0 ~ 8.5.50
7.0.0 ~ 7.0.99
2. Resolution
- Upgrade the Tomcat version
9.0.31 or later: http://tomcat.apache.org/security-9.html
8.5.51 or later: http://tomcat.apache.org/security-8.html
7.0.100 or later: http://tomcat.apache.org/security-7.html
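To check an installed instance against the ranges above, the following added example (not part of the original post or of the Tomcat project) classifies a version string, including milestone builds such as 9.0.0.M1. The function names and the sample banner are constructed for illustration; the banner format assumed is the "Server version: Apache Tomcat/x.y.z" line printed by Tomcat's version.sh.

```python
import re

# Ranges exactly as listed on this page: (first affected, last affected, first fixed).
AFFECTED = [
    ("9.0.0.M1", "9.0.30", "9.0.31"),
    ("8.5.0", "8.5.50", "8.5.51"),
    ("7.0.0", "7.0.99", "7.0.100"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?$")

# Constructed sample of version.sh output (illustrative, not captured from a real host).
SAMPLE_BANNER = "Server version: Apache Tomcat/9.0.30\nServer number:  9.0.30.0\n"


def parse_version(text):
    """Return a sortable tuple; milestone builds sort before the final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    # A final release gets stage (1, 0) so that 9.0.0.M27 < 9.0.0.
    stage = (0, int(milestone)) if milestone else (1, 0)
    return (int(major), int(minor), int(patch)) + stage


def version_from_banner(output):
    """Extract x.y.z from an 'Apache Tomcat/x.y.z' banner string."""
    m = re.search(r"Apache Tomcat/(\S+)", output)
    if not m:
        raise ValueError("no 'Apache Tomcat/<version>' string found")
    return m.group(1)


def check(version):
    """Return (affected, fixed_in). (False, None) only means the version is
    outside the ranges listed on this page, not that the release is supported."""
    v = parse_version(version)
    for first, last, fixed in AFFECTED:
        if parse_version(first) <= v <= parse_version(last):
            return True, fixed
    return False, None


if __name__ == "__main__":
    found = version_from_banner(SAMPLE_BANNER)
    affected, fixed_in = check(found)
    print(found, "affected, upgrade to " + fixed_in if affected else "not in listed ranges")
```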