Strutsã®è„†å¼±æ€§CVE-2014-0094ã«ã¤ã„ã¦æ”¹ã‚ã¦ã¾ã¨ã‚ã¦ã¿ãŸ - piyologStruts2ã«ãŠã„ã¦ã‚¯ãƒ©ã‚¹ãƒãƒ¼ãƒ€ãƒ¼ã®æ“作を許ã—ã¦ã—ã¾ã†è„†å¼±æ€§(CVE-2014-0094)ã«ã¤ã„ã¦å…ˆæ—¥èª¿ã¹ãŸã®ã§ã™ãŒã€ãã®å¾Œã®ã‚»ã‚ュリティベンダã®èª¿æŸ»ã«ã‚ˆã‚Šå½“åˆã«æ¯”ã¹ã¦å½±éŸ¿ç¯„囲ãŒå¤‰ã‚ã£ã¦ãã¦ã„ã‚‹ã“ã¨ã‹ã‚‰ã€å†åº¦æ•´ç†ã‚’ã‹ãã¦ã¾ã¨ã‚ã¾ã™ã€‚å°šã€ã“ã‚Œã‚‰æƒ…å ±ã¯piyokangoãŒå…¨ã¦æ¤œè¨¼ã—ãŸã‚ã‘ã§ã¯ãªã„ãŸã‚ã”注æ„ãã ã•ã„。ã¾ãŸå½“然ãªãŒã‚‰æ‚ªç”¨ã™ã‚‹ã“ã¨ã¯åŽ³ç¦ã§ã™ã€‚ Apache Software Foundationよりã€å½“è©²è„†å¼±æ€§æƒ…å ±ã«é–¢ã™ã‚‹ã‚¢ãƒŠã‚¦ãƒ³ã‚¹ãŒå‡ºã¾ã—ãŸã€‚ 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation S2-021 クラスãƒãƒ¼ãƒ€ãƒ¼ãŒæ“作ã•ã‚Œã‚‹è„†å¼±æ€§ã®å½±éŸ¿ç¯„囲 NTT-CERTã‚„MBSDã€LACã®èª¿æŸ»ã«ã‚ˆã‚Šæ¬¡ã®Strutsã®ãƒãƒ¼ã‚¸ãƒ§ãƒ³ãŒå½±éŸ¿ã‚’å—ã‘ã‚‹ã“ã¨ãŒåˆ¤æ˜Žã—ã¦ã„ã¾ã™ã€‚ã¾ãŸBeanUtilsを使ã£ã¦ãƒªã‚¯ã‚¨ã‚¹ãƒˆ
例ãˆã°ã€Strutsã‚’é¿ã‘ã‚‹
{{#tags}}- {{label}}
{{/tags}}