{"id":477869,"date":"2023-08-09T09:21:36","date_gmt":"2023-08-09T09:21:36","guid":{"rendered":""},"modified":"2023-09-05T11:15:35","modified_gmt":"2023-09-05T11:15:35","slug":"log4shell","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/kr\/wiki\/log4shell\/","title":{"rendered":"Log4Shell"},"content":{"rendered":"<p>Log4Shell is a critical vulnerability that emerged in late 2021 and shook the cybersecurity landscape. It exploits a flaw in Apache Log4j, a widely used logging library, and allows attackers to execute remote code on vulnerable systems. The vulnerability received a CVSS (Common Vulnerability Scoring System) rating of &quot;10.0&quot;, the highest possible score, indicating its potential to cause widespread and devastating damage.<\/p>\n<h2>The history of the origin of Log4Shell and its first mention.<\/h2>\n<p>The origins of Log4Shell trace back to the creation of Apache Log4j, a popular open-source logging framework used in a wide range of Java-based applications. 
In late 2021, security researchers discovered a serious vulnerability in Log4j that allowed attackers to inject malicious code into a system through the logging mechanism. The first public mention of Log4Shell came on December 9, 2021, when the CERT Coordination Center at Carnegie Mellon University published a vulnerability note (CVE-2021-44228).<\/p>\n<h2>Detailed information about Log4Shell. Expanding the topic Log4Shell.<\/h2>\n<p>The impact of Log4Shell extended far beyond Apache Log4j itself. Numerous applications and products integrated the library, which made them susceptible to the vulnerability. The flaw lies in how Log4j handles log messages containing user-supplied data, particularly when the &quot;lookup&quot; feature is used to reference environment variables.<\/p>\n<p>When a malicious actor writes a specially crafted log message with a manipulated lookup, remote code execution is triggered. 
This poses a serious threat because attackers can exploit Log4Shell to gain unauthorized access, steal sensitive data, disrupt services, and even take complete control of targeted systems.<\/p>\n<h2>The internal structure of Log4Shell. How Log4Shell works.<\/h2>\n<p>Log4Shell exploits the Log4j &quot;lookup&quot; mechanism by designating the vulnerable application as the lookup source for environment variables. 
When the application receives the malicious log message, it parses the message and attempts to resolve the referenced environment variables, unknowingly executing the attacker's code.<\/p>\n<p>To visualize the Log4Shell process, consider the following sequence:<\/p>\n<ol>\n<li>The attacker crafts a malicious log message containing manipulated lookups.<\/li>\n<li>The vulnerable application logs the message using Log4j, triggering the lookup mechanism.<\/li>\n<li>Log4j attempts to resolve the lookup, executing the attacker's code.<\/li>\n<li>Remote code execution occurs, granting the attacker unauthorized access.<\/li>\n<\/ol>\n<h2>Analysis of the key features of Log4Shell.<\/h2>\n<p>The key features that make Log4Shell such a dangerous vulnerability are:<\/p>\n<ol>\n<li><strong>High CVSS score<\/strong>: Log4Shell received a CVSS score of 10.0, underscoring its criticality and potential for widespread damage.<\/li>\n<li><strong>Widespread impact<\/strong>: Because of Apache Log4j's popularity, millions of systems worldwide became vulnerable, including web servers, enterprise applications, and cloud services.<\/li>\n<li><strong>Rapid exploitation<\/strong>: Cybercriminals adapt quickly to exploit the vulnerability, so it is urgent for organizations to patch their systems immediately.<\/li>\n<li><strong>Cross-platform<\/strong>: Log4j is cross-platform. 
That is, the vulnerability affected a variety of operating systems, including Windows, Linux, and macOS.<\/li>\n<li><strong>Delayed patching<\/strong>: Some organizations struggled to apply patches promptly, leaving systems exposed for extended periods.<\/li>\n<\/ol>\n<h2>Types of Log4Shell<\/h2>\n<p>Log4Shell can be categorized by the types of applications and systems it affects. 
The main types are:<\/p>\n<table>\n<thead>\n<tr>\n<th>Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Web servers<\/td>\n<td>Vulnerable web servers exposed to the internet, allowing remote code execution.<\/td>\n<\/tr>\n<tr>\n<td>Enterprise apps<\/td>\n<td>Java-based enterprise applications that use Log4j and are susceptible to exploitation.<\/td>\n<\/tr>\n<tr>\n<td>Cloud services<\/td>\n<td>Cloud platforms running Java applications with Log4j, putting them at risk.<\/td>\n<\/tr>\n<tr>\n<td>IoT devices<\/td>\n<td>Internet of Things (IoT) devices using Log4j, potentially leading to remote attacks.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways Log4Shell is used, and the problems and solutions related to its use.<\/h2>\n<p><strong>Ways Log4Shell is used:<\/strong><\/p>\n<ul>\n<li>Exploiting exposed web servers to compromise sensitive data or install malware.<\/li>\n<li>Breaching corporate networks through vulnerable enterprise applications.<\/li>\n<li>Launching DDoS attacks by taking control of cloud services.<\/li>\n<li>Exploiting IoT devices to create botnets for larger-scale attacks.<\/li>\n<\/ul>\n<p><strong>Problems and solutions:<\/strong><\/p>\n<ul>\n<li>Delayed patching: Some organizations struggled to apply patches promptly because of complex infrastructure and dependencies. The solution is to prioritize patch management and automate updates where possible.<\/li>\n<li>Incomplete awareness: Not all organizations are aware of their Log4j dependencies. 
Regular audits and security assessments can help identify vulnerable systems.<\/li>\n<li>Legacy applications: Older applications may have outdated dependencies. 
Organizations should consider upgrading to newer versions or applying workarounds until patching is feasible.<\/li>\n<\/ul>\n<h2>Main characteristics and comparisons with similar terms, in the form of tables and lists.<\/h2>\n<p><strong>Main characteristics of Log4Shell:<\/strong><\/p>\n<ul>\n<li>Vulnerable software: Apache Log4j 2.x versions (up to 2.15.0) are affected.<\/li>\n<li>CVSS score: 10.0 (Critical)<\/li>\n<li>Exploitation vector: Remote<\/li>\n<li>Attack complexity: Low<\/li>\n<li>Authentication required: No<\/li>\n<\/ul>\n<p><strong>Comparison with similar terms:<\/strong><\/p>\n<table>\n<thead>\n<tr>\n<th>Vulnerability<\/th>\n<th>CVSS score<\/th>\n<th>Exploitation vector<\/th>\n<th>Attack complexity<\/th>\n<th>Authentication required<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Log4Shell<\/td>\n<td>10.0<\/td>\n<td>Remote<\/td>\n<td>Low<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>Heartbleed<\/td>\n<td>9.4<\/td>\n<td>Remote<\/td>\n<td>Low<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>Shellshock<\/td>\n<td>10.0<\/td>\n<td>Remote<\/td>\n<td>Low<\/td>\n<td>No<\/td>\n<\/tr>\n<tr>\n<td>Spectre<\/td>\n<td>5.6<\/td>\n<td>Local\/Remote<\/td>\n<td>Low<\/td>\n<td>No<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to Log4Shell.<\/h2>\n<p>The Log4Shell vulnerability served as a wake-up call for the industry to prioritize security and software supply chain integrity. 
As a result, several perspectives and technologies have emerged to address similar issues in the future.<\/p>\n<ol>\n<li><strong>Enhanced patch management<\/strong>: Organizations are adopting automated patch management systems to ensure timely updates and prevent vulnerabilities like Log4Shell.<\/li>\n<li><strong>Containerization and microservices<\/strong>: Container technologies such as Docker and Kubernetes support isolated application environments, limiting the impact of vulnerabilities.<\/li>\n<li><strong>Security auditing and assessment tools<\/strong>: Advanced security tools are becoming essential for auditing and assessing software dependencies to identify potential risks.<\/li>\n<li><strong>Strict library version control<\/strong>: Developers are paying closer attention to library dependencies and choosing only well-maintained, up-to-date versions.<\/li>\n<li><strong>Security bug bounty programs<\/strong>: Organizations encourage cybersecurity researchers to find and responsibly report vulnerabilities, enabling early discovery and mitigation.<\/li>\n<\/ol>\n<h2>How proxy servers can be used or associated with Log4Shell.<\/h2>\n<p>Proxy servers play an important role in strengthening cybersecurity by acting as intermediaries between users and the internet. 
Proxy servers themselves are not directly vulnerable to Log4Shell, but they can contribute indirectly to mitigating the risks associated with the vulnerability.<\/p>\n<p><strong>The role of proxy servers in Log4Shell mitigation:<\/strong><\/p>\n<ol>\n<li><strong>Web filtering<\/strong>: Proxy servers filter and block malicious traffic, preventing attackers from reaching vulnerable web servers.<\/li>\n<li><strong>Content inspection<\/strong>: Proxies can inspect incoming and outgoing traffic for malicious payloads, stopping exploitation attempts.<\/li>\n<li><strong>SSL inspection<\/strong>: By decrypting and inspecting SSL\/TLS traffic, proxies can detect and block malicious code hidden within encrypted connections.<\/li>\n<li><strong>Caching and compression<\/strong>: Proxies can cache frequently accessed resources, reducing the number of requests that pass through vulnerable applications.<\/li>\n<\/ol>\n<p>Proxy server providers such as OneProxy can integrate Log4Shell-related security measures into their offerings, strengthening their customers' overall protection against emerging vulnerabilities.<\/p>\n<h2>Related links<\/h2>\n<p>For more information about Log4Shell and how to protect your systems, see the following resources:<\/p>\n<ol>\n<li><a href=\"https:\/\/logging.apache.org\/log4j\/2.x\/\" target=\"_new\" rel=\"noopener nofollow\">Apache Log4j official website<\/a><\/li>\n<li><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2021-44228\" target=\"_new\" rel=\"noopener nofollow\">NIST National Vulnerability Database (NVD) \u2013 CVE-2021-44228<\/a><\/li>\n<li><a href=\"https:\/\/us-cert.cisa.gov\/ncas\/alerts\/aa21-339a\" target=\"_new\" rel=\"noopener nofollow\">CISA \u2013 Alert (AA21-339A) \u2013 Amplified Stolen Credentials<\/a><\/li>\n<\/ol>\n<p>Stay informed and safeguard your systems against the potential threats of Log4Shell.<\/p>","protected":false},"featured_media":0,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477869","wiki","type-wiki","status-publish","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Log4Shell: Unraveling the Complexities of a Critical Vulnerability<\/mark>","faq_items":[{"question":"What is Log4Shell?","answer":"<p>Log4Shell is a critical vulnerability that emerged in late 2021. It exploits a flaw in the widely used logging library, Apache Log4j, allowing attackers to execute remote code on vulnerable systems.<\/p>"},{"question":"How did Log4Shell originate?","answer":"<p>The vulnerability originated in the Apache Log4j logging framework. It was first publicly mentioned by the CERT Coordination Center at Carnegie Mellon University on December 9, 2021.<\/p>"},{"question":"How does Log4Shell work?","answer":"<p>Log4Shell manipulates the Log4j \"lookup\" feature, injecting malicious code into vulnerable systems through specially crafted log messages. When the application processes these logs, the attacker's code executes, granting unauthorized access.<\/p>"},{"question":"What are the key features of Log4Shell?","answer":"<p>Log4Shell's criticality is highlighted by its CVSS score of 10.0. It impacts millions of systems, including web servers, enterprise apps, and cloud services. Attackers can exploit it to gain control, steal data, and disrupt services.<\/p>"},{"question":"What types of Log4Shell exist?","answer":"<p>Log4Shell can impact web servers, enterprise apps, cloud services, and IoT devices.<\/p>"},{"question":"How can Log4Shell be used, and what are the solutions to related problems?","answer":"<p>Log4Shell can be used to compromise web servers, breach corporate networks, launch DDoS attacks, and create IoT botnets. 
Solutions include prioritizing patch management, conducting regular security audits, and upgrading legacy applications.<\/p>"},{"question":"What are the main characteristics of Log4Shell, and how does it compare to similar terms?","answer":"<p>Log4Shell is characterized by its high CVSS score, remote exploitation vector, low attack complexity, and no authentication required. It is more critical than terms like Heartbleed, Shellshock, and Spectre.<\/p>"},{"question":"What are the future perspectives and technologies related to Log4Shell?","answer":"<p>The industry emphasizes enhanced patch management, containerization, security auditing tools, library version control, and bug bounty programs to mitigate future vulnerabilities.<\/p>"},{"question":"How can proxy servers be associated with Log4Shell?","answer":"<p>Proxy servers indirectly contribute to Log4Shell mitigation by filtering malicious traffic, inspecting content, decrypting SSL traffic, caching resources, and compressing data.<\/p>"},{"question":"Where can I find more information about Log4Shell?","answer":"<p>For more information, visit the official Apache Log4j website, the NIST National Vulnerability Database (CVE-2021-44228), and CISA's Alert (AA21-339A) on Amplified Stolen Credentials. Stay informed and safeguard your systems against Log4Shell's threats.<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477869","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/wiki\/477869\/revisions"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/kr\/wp-json\/wp\/v2\/media?parent=477869"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}