본문 바로가기

Home > 정보마당 > 공개SW 보안취약점

공개SW 보안취약점

Apache Tomcat 8.0.30-windows-i64

License 관리자 게시글 작성 시각 2020-09-29 14:12:08 게시글 조회수 2171
컴포넌트 명 : Apache Tomcat
컴포넌트에 대한 취약점 정보
버전 정보 취약점 ID 취약점 최종 보고일 심각도
8.0.30-windows-i64 CVE-2020-8022 2020/09/02 7.2 (High)
취약점 ID : CVE-2020-8022
취약점 상세정보
취약점 설명 A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8에서 tomcat 패키지의 Incorrect Default Permissions 보안취약점은 로컬 공격자가 tomcat 그룹에서 루트로 확대시킬 수 있습니다.
이 이슈는 다음에 영향을 미칩니다: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.
대응 방안 29.32.1
기타 -

-

공개SW 보안취약점 - 번호, 컴포넌트 명 및 버전, 취약점ID, 심각도, 취약점 최종보고일, 대응방안
번호 컴포넌트 명 및 버전 취약점ID 심각도 취약점
최종 보고일
대응방안
113 Apache Tomcat 8.0.30-windows-i64 CVE-2020-8022 7.2 (High) 2020/09/02 대응방안보기
112 Apache Tomcat 8.0.30-windows-i64 CVE-2018-8014 7.5 (High) 2019/10/02 대응방안보기
111 Apache Tomcat 8.0.30-windows-i64 CVE-2016-8735 7.5 (High) 2019/04/23 대응방안보기
110 Apache Tomcat 8.0.30-windows-i64 CVE-2016-8735 7.2 (High) 2020/07/23 대응방안보기
109 Apache Tomcat 8.0.30-windows-i64 CVE-2016-3092 7.8 (High) 2019/04/23 대응방안보기
108 Apache Xerces2 J 2.10.0 CVE-2012-0881 7.8 (High) 2019/10/18 대응방안보기
107 fop 1.1 CVE-2017-5661 7.9 (High) 2017/11/04 대응방안보기
106 Elasticsearch 0.17.8 CVE-2015-1427 7.5 (High) 2018/10/10 대응방안보기
105 Bouncy Castle 1.54 CVE-2018-1000613 7.5 (High) 2019/04/24 대응방안보기
104 Spring Batch Test 2.1.8.RELEASE CVE-2019-3774 7.5 (High) 2019/10/10 대응방안보기
맨 위로
맨 위로