LENA

LENA is an innovative cloud-native web application server (WAS)

developed using LG CNS's cutting-edge technology.

With expertise in designing and operating advanced systems across various sectors,

LENA encapsulates the know-how of LG CNS, offering optimized services tailored

not only for traditional on-premise environments

but also for cloud, MSA/Container settings, and other diverse IT landscapes of enterprises.

In ensuring a stable operating environment,

LG CNS boasts a wide range of deployment cases in industries,

such as finance, the public sector, IT, and services for both cloud and on-Premise settings.

LENA

LENA는 LG CNS의 첨단 기술로 개발한

혁신적인 클라우드형 웹 애플리케이션 서버(WAS)입니다.

다양한 분야에서 선진 시스템을 설계하고 운영해 온 LG CNS의 노하우가 집약된

LENA는 기존의 On-premise 환경 뿐 아니라 클라우드 및 MSA/Container 환경 등

기업의 다양한 IT 환경에 맞춰 최적화된 서비스를 제공합니다.

안정적인 운영 환경을 제공하는 LG CNS는 금융, 공공, IT, 서비스 등

다양한 산업의 클라우드 및 On-Premise 환경에서 다양한 구축 사례를 보유하고 있습니다.

Resources

Brochure Brochure

Release Notes

LENA 1.3.2 fix#2 2023.06.29

LENA 1.3.2 fix#2
Release Date: 2023.06.29

Changes
The following items have been updated:

Web Server

Web Application Server

Session Server

Management

Container / Embedded

Detailed Information
[ Web Server ]
(LENA-8270) OSS Engine Update

[ Web Application Server ]
(LENA-8802) OSS Engine Update

(LENA-8451) Resolved CVE-2023-34981 Information Disclosure Vulnerability

(LENA-8265) Fixed CVE-2023-28709 Denial of Service Vulnerability

[ Session Server ]
(LENA-8895) Fixed error in WAS session linkage in EN9/EN10 Windows environment

(LENA-8790) Resolved WAS startup error during EN10 session linkage

[ Management ]
(LENA-8887) Library version update and security vulnerability resolution

(LENA-8067) Proper Topology display during WEB/WAS Proxy linkage

(LENA-7218) Improved abnormal log output when Manager is started or stopped

(LENA-6903) Added Hotfix information verification feature

[ Container / Embedded ]
(LENA-8225) Added LENA-TunA bundling (Container) feature

(LENA-8158) Improved Embedded LENA Config Viewer feature

(LENA-8059) Support for Spring Boot 3.0"
LENA 1.3.2 fix#1 2023.03.17

LENA 1.3.2 fix#1
Release Date: 2023.03.17

Changes
The following items have been updated:

Web Server

Web Application Server

Detailed Information
[ Web Server ]
(LENA-8173) Resolved CVE-2023-25690 Request Smuggling Vulnerability in mod_proxy

(LENA-8173) Fixed CVE-2023-27522 Response Splitting Vulnerability in mod_proxy_uwsgi

(LENA-8055) Resolved CVE-2006-20001 Out-of-Bounds Read or 0-byte Write Vulnerability in mod_dav

(LENA-8055) Fixed CVE-2022-36760 Request Smuggling Vulnerability in mod_proxy_ajp

(LENA-8055) Resolved CVE-2022-37436 HTTP Response Splitting Vulnerability from backend in mod_proxy

[ Web Application Server ]
(LENA-8164) Fixed CVE-2023-24998 Denial of Service Vulnerability in apache commons fileupload"
LENA 1.3.1 fix#5 2023.03.17

"LENA 1.3.1 fix#5
Release Date: 2023.03.17

Changes
The following items have been updated:

Web Server

Web Application Server

Detailed Information
[ Web Server ]
(LENA-8173) Resolved CVE-2023-25690 Request Smuggling Vulnerability in mod_proxy

(LENA-8173) Fixed CVE-2023-27522 Response Splitting Vulnerability in mod_proxy_uwsgi

(LENA-8055) Resolved CVE-2006-20001 Out-of-Bounds Read or 0-byte Write Vulnerability in mod_dav

(LENA-8055) Fixed CVE-2022-36760 Request Smuggling Vulnerability in mod_proxy_ajp

(LENA-8055) Resolved CVE-2022-37436 HTTP Response Splitting Vulnerability from backend in mod_proxy

[ Web Application Server ]
(LENA-8164) Fixed CVE-2023-24998 Denial of Service Vulnerability in apache commons fileupload"
LENA 1.3.0 fix#9 2023.03.17

"LENA 1.3.0 fix#9
Release Date: 2023.03.17

Changes
The following items have been updated:

Web Server

Web Application Server

Detailed Information
[ Web Server ]
(LENA-8173) Resolved CVE-2023-25690 Request Smuggling Vulnerability in mod_proxy

(LENA-8173) Fixed CVE-2023-27522 Response Splitting Vulnerability in mod_proxy_uwsgi

(LENA-8055) Resolved CVE-2006-20001 Out-of-Bounds Read or 0-byte Write Vulnerability in mod_dav

(LENA-8055) Fixed CVE-2022-36760 Request Smuggling Vulnerability in mod_proxy_ajp

(LENA-8055) Resolved CVE-2022-37436 HTTP Response Splitting Vulnerability from backend in mod_proxy

[ Web Application Server ]
(LENA-8164) Fixed CVE-2023-24998 Denial of Service Vulnerability in apache commons fileupload"
LENA Security Update Report(security fix#20230317) 2023.03.17

This report provides details of the security updates for LENA.

LENA 1.3.2 fix#1 / LENA 1.3.1 fix#5 / LENA 1.3.0 fix#9

Improved Vulnerabilities
LENA WEB

CVE-2023-25690

CVE-2023-27522

CVE-2006-20001

CVE-2022-36760

CVE-2022-37436

LENA WAS

CVE-2023-24998

Critical Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2023-24998 Apache Commons FileUpload Security Update Recommended

Detailed Security Vulnerability Information
LENA WEB

CVE IDs

Impact

Vulnerability Type

Summary

LENA Version Affected

CVE-2023-25690

Important

Request Smuggling

mod_proxy: Request Smuggling Vulnerability

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9

CVE-2023-27522

Moderate

Response Splitting

mod_proxy_uwsgi: Resolution of Response Splitting Vulnerability

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9

CVE-2006-20001

Moderate

Out-of-bounds Write

mod_dav: Resolution of Out-of-bounds Read or 0-byte Write Vulnerability

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9

CVE-2022-36760

Moderate

Request Smuggling

mod_proxy_ajp: Resolution of Request Smuggling Vulnerability

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9

CVE-2022-37436

Moderate

Response Splitting

mod_proxy: HTTP Response Splitting Vulnerability from Backend

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9

LENA WAS

CVE IDs

Impact

Vulnerability Type

Summary

LENA Version Affected

CVE-2023-24998

Important

Denial Of Service

Apache Commons FileUpload Service Denial Vulnerability

1.3.2 fix#1, 1.3.1 fix#5, 1.3.0 fix#9"

LENA 1.3.2 2022.12.09

"LENA 1.3.2
Release Date: 2022.12.09

Changes
The following items have been updated:

Web Server

Web Application Server

Node Agent

Management

Container / Embedded

Etc

Detailed Information
[ Web Server ]
(LENA-7480) Added support for CentOS Stream 9 and Ubuntu 22.04

(LENA-7480) Introduced support for openssl 3.0

(LENA-7473) Added proxy failover/failback module

(LENA-7311) Updated OSS engine

[ Web Application Server ]
(LENA-7270) Implemented support for JDK 17

(LENA-7247) Initiated support for Java EE 8 / Jakarta EE 8

(LENA-7985) Added support for Servlet 6.0 and JSP 3.1

(LENA-7716, LENA-7984, LENA-8013) Updated OSS engine

(LENA-7583) Enhanced DBCP logging functionality and added shutdown feature upon DB connection / validation / createDatasource failure

[ Node Agent ]
(LENA-6915) Improved Agent, Manager CPU usage

(LENA-6856) Enabled file log output during Agent startup and shutdown

[ Management ]
(LENA-7247) Introduced support for multi-spec nodes

(LENA-7617) Enabled TunA bundling support

(LENA-7689) Introduced Proxy configuration UI support

(LENA-7588) Modified JK configuration UI

(LENA-7591) Revised Virtual Host Tab interface

(LENA-6915) Enhanced Agent, Manager CPU usage

(LENA-7256) Added external SNS Alarm feature for Event

[ Container / Embedded ]
(LENA-7254) Added feature for retrieving and checking Spring Boot configuration information"
LENA 1.3.1 fix#4 2022.05.03

LENA 1.3.1 fix#4
Release Date: 2022.05.03

Changes
The following items have been updated:

Web Server

Web Application Server

Session Server

Node Agent

Management

Container

Detailed Information
[Web Server]
(LENA-7219) Resolved CVE-2022-22719 vulnerability caused by uninitialized variable use

(LENA-7219) Resolved CVE-2022-22720 vulnerability occurring during HTTP request processing

(LENA-7219) Resolved CVE-2022-22721 buffer overflow vulnerability

(LENA-7219) Resolved CVE-2022-23943 Out-of-Bounds read/write vulnerability

(LENA-7075) Support for ubuntu 20.x versions

(LENA-7182) Support for oracle linux 8.x versions

(LENA-6623) Application of logrotate based on timezone

(LENA-6687) Improved mod_proxy DNS Lookup handling

[Web Application Server]
(LENA-7049, LENA-7050, LENA-7060) Update of OSS engine

(LENA-6834) Enhanced server startup by preventing server launch when unable to bind Port during LENA WAS startup

(LENA-6623) Application of logrotate based on timezone

[Session Server]
(LENA-6643) Explicit application of (Max)MetaspaceSize

[Node Agent]
(LENA-6643) Explicit application of (Max)MetaspaceSize

[Management]
(LENA-7003) Resolution of CVE-2022-22965 Spring4Shell security vulnerability

(LENA-6379) Update to jquery 3.x

(LENA-6945) Multilingual support framework implemented

(LENA-7006) Change in Event data management cycle: Month → Day

[Container]
(LENA-7063) Support for Spring Boot 2.6
(LENA-6919) Support for Jasypt encryption/decryption functionality
"
LENA 1.3.1 fix#3 2022.01.14

LENA 1.3.1 fix#3
Release Date: 2022.01.14

Changes
The following items have been updated:

Web Server

Web Application Server

Node Agent

Management

Detailed Information

[Web Server]
(LENA-6867) Resolved CVE-2021-44224 service denial vulnerability caused by null pointer dereference
(LENA-6867) Resolved CVE-2021-44790 buffer overflow vulnerability occurring due to inadequate input validation

[Web Application Server]
(LENA-6689, LENA-6870) Resolved CVE-2021-42340 service denial vulnerability in websocket service

[Node Agent]
(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability

[Management]
(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability
"
LENA 1.3.0 fix#8 2022.01.14

LENA 1.3.0 fix#8
Release Date: 2022.01.14

Changes
The following items have been updated:

Web Server

Web Application Server

Node Agent

Management

Detailed Information

[Web Server]
(LENA-6867) Resolved CVE-2021-44224 service denial vulnerability caused by null pointer dereference
(LENA-6867) Resolved CVE-2021-44790 buffer overflow vulnerability occurring due to inadequate input validation

[Web Application Server]
(LENA-6689) Resolved CVE-2021-42340 service denial vulnerability in websocket service

[Node Agent]
(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability

[Management]
(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability
"
LENA 1.2.5 fix#8 2022.01.14

LENA 1.2.5 fix#8
Release Date : 2022.01.14

Changes
The following items have been updated:

Web Server
Node Agent
Management
Detailed Information
[ Web Server ]

(LENA-6867) Resolved CVE-2021-44224 service denial vulnerability caused by null pointer dereference

(LENA-6867) Resolved CVE-2021-44790 buffer overflow vulnerability occurring due to inadequate input validation

[ Node Agent ]

(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability

[ Management ]

(LENA-6866) Resolved CVE-2021-42550 logback remote code execution vulnerability

LENA Security Update Report(security fix#20220114) 2022.01.14

LENA Security Update Report

LENA 1.3.1 fix#3 / LENA 1.3.0 fix#8 / LENA 1.2.5 fix#8
Improved Vulnerabilities
LENA WEB
CVE-2021-44224
CVE-2021-44790
LENA WAS
CVE-2021-42340
LENA AGENT, LENA MANAGER
CVE-2021-42550
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2021-44224 Service denial vulnerability caused by null pointer dereference
CVE-2021-44790 Buffer overflow vulnerability due to inadequate input validation
CVE-2021-42550 logback remote code execution vulnerability
Detailed Security Vulnerability Information
LENA WEB
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2021-44224
Moderate
Denial Of Service
Service denial vulnerability caused by null pointer dereference
1.3.1 fix#3, 1.3.0 fix#8, 1.2.5 fix#8
CVE-2021-44790
High
Buffer Overflow
Buffer overflow vulnerability due to inadequate input validation
1.3.1 fix#3, 1.3.0 fix#8, 1.2.5 fix#8
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2021-42340
Important
Denial Of Service
websocket service denial vulnerability
1.3.1 fix#3, 1.3.0 fix#8
LENA AGENT, LENA MANAGER
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2021-42550
Medium
Remote Code Execution
logback remote code execution vulnerability
1.3.1 fix#3, 1.3.0 fix#8, 1.2.5 fix#8
LENA 1.3.1 fix#7 2021.08.13

LENA 1.3.1 fix#7
Release Date : 2021.08.13

Changes
The following items have been updated:

Web Application Server
Detailed Information
[ Web Application Server ]

(LENA-6386) Resolved CVE-2021-33037 HTTP Request Smuggling vulnerability.

(LENA-6386) Resolved CVE-2021-30640 JNDI Realm authentication vulnerability.

(LENA-6386) Resolved CVE-2021-30639 Denial of Service vulnerability.
LENA Security Update Report(security fix#20210813) 2021.08.13

LENA Security Update Report.

LENA 1.3.1 fix#2 && LENA 1.3.0 fix#7
Improved Vulnerabilities
LENA WAS
CVE-2021-33037
CVE-2021-30640
CVE-2021-30639
Major Vulnerabilities (KISA Recommended New Vulnerability Security Updates)
N/A
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2021-33037
Important
Request Smuggling
HTTP Request Smuggling Vulnerability
1.3.1 fix#2, 1.3.0 fix#7
CVE-2021-30640
Low
Authentication weakness
JNDI Realm authentication vulnerability
1.3.1 fix#2, 1.3.0 fix#7
CVE-2021-33037
Important
Denial of Service
Denial of Service vulnerability
1.3.1 fix#2, 1.3.0 fix#7
LENA 1.3.1 fix#1 2021.04.19

LENA 1.3.1 fix#1
Release Date : 2021.04.19

Changes
The following items have been updated:

Web Server
Web Application Server
Session Server
Management
Monitoring(Diagnostics)
Etc
Detailed Information
[ Web Server ]

(LENA-5615) Added a feature to delete log home when deleting a server.

(LENA-4486, LENA-5318) Changed the default value of E2E functionality to not in use.

(LENA-4603) Changed the Windows service startup type to manual.

[ Web Application Server ]

(LENA-5615) Added a feature to delete log home when deleting a server.

(LENA-5584) Fixed an error in status retrieval when a different process's PID exists in the PID file.

[ Session Server ]

(LENA-5644) Improved prevention of session attribute loss when using the Embedded Session Server.

(LENA-5615) Added a feature to delete log home when deleting a server.

[ Management ]

(LENA-5866) Updated UI library.

(LENA-5576) Added table sorting functionality to Web Server Load Balancer and Virtual Host.

(LENA-5409) Improved server deletion functionality.

(LENA-5396) Modified the icon to not display when a server is restarted via CLI.

[ Monitoring(Diagnostics) ]

(LENA-5608) Improved WAS monitoring pop-up functionality.

[ Etc ]

(LENA-5600, LENA-5457, LENA-5456) Upgraded OSS engine versions.
LENA 1.3.1 Release Note 2021.02.09

LENA 1.3.1 Release Note
Release Date : 2021.02.09

Changes
The following items have been updated:

Web Server
Web Application Server
Session Server
Patch
Management
Monitoring(Diagnostics)
Etc
Detailed Information
[ Web Server ]

(LENA-4893) Added automatic HTTP to HTTPS redirection settings.

(LENA-5172) Added automatic restart function in case of Web Server hang situations.

(LENA-4997) Added a custom environment variable configuration screen.

[ Web Application Server ]

(LENA-4589) Standardized log file naming format.

(LENA-4997) Added a custom environment variable configuration screen.

[ Session Server ]

(LENA-4585) Added pre-validation for IP and Port configurations during Session Server setup.

(LENA-4894) Improved log readability by enhancing the formatting.

[ Patch ]

(LENA-4873) Enhanced Patch UI and functionality.

[ Management ]

(LENA-4587) Added Rolling Restart function (for Cluster environments).

(LENA-4533) Added Multi-Server Control functions (start, stop, restart).

(LENA-5097) Added a new Dashboard and improved UI/UX.

[ Monitoring(Diagnostics) ]

(LENA-5127) Enhanced Monitoring Dashboard UI.

(LENA-4571) Added Monitoring Dashboard and Event management functions.

(LENA-4615) Added Manager retention function for WAS Thread/Service Dump.

[ Etc ]

(LENA-5365) Upgraded OSS engine versions.

(LENA-5086) Added support for JDK11.

LENA 1.3.0 fix#6 Release Note 2020.10.07

LENA 1.3.0 fix#6 Release Note
Release Date : 2020.10.07

Changes
The following items have been updated:

Web Server
Detailed Information
[ Web Server ]

(LENA-5095)

Resolved CVE-2020-11984 remote code execution vulnerability in mod_proxy_uwsgi.

Resolved CVE-2020-11993 memory corruption vulnerability related to log level in mod_http2.

Resolved CVE-2020-9490 memory corruption vulnerability related to the Cache-Digest header in mod_http2.
LENA 1.2.5 fix#7 Release Note 2020.10.07

LENA 1.2.5 fix#7 Release Note
Release Date : 2020.10.07

Changes
The following items have been updated:

Web Server
Detailed Information
[ Web Server ]

(LENA-5095)

Resolved CVE-2020-11984 remote code execution vulnerability in mod_proxy_uwsgi.

Resolved CVE-2020-11993 memory corruption vulnerability related to log level in mod_http2.

Resolved CVE-2020-9490 memory corruption vulnerability related to the Cache-Digest header in mod_http2.
LENA Security Update Report(security fix#20201007) 2020.10.07

LENA Security Update Report.

LENA 1.2.5 fix#7 && LENA 1.3.0 fix#6
Improved Vulnerabilities
LENA WEB
CVE-2020-11984
CVE-2020-11993
CVE-2020-9490
Major Vulnerabilities (KISA Recommended New Vulnerability Security Updates)
N/A
Detailed Security Vulnerability Information
LENA WEB
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2020-11984
Moderate
Remote Code Execution
mod_proxy_uwsgi Remote Code Execution Vulnerability
1.2.5 fix#7, 1.3.0 fix#6
CVE-2020-11993
Moderate
HTTP/2 DoS
mod_http2 Log Level-Related Memory Corruption Vulnerability
1.2.5 fix#7, 1.3.0 fix#6
CVE-2021-33037
Important
HTTP/2 DoS
mod_http2 Cache-Digest Header-Related Memory Corruption Vulnerability
1.2.5 fix#7, 1.3.0 fix#6
LENA 1.3.0 fix#5 Release Note 2020.07.20

LENA 1.3.0 fix#5 Release Note
Release Date : 2020.07.20

Changes
The following items have been updated:

Web Application Server
Detailed Information
[ Web Application Server ]

(LENA-4973) Resolved CVE-2020-13935 WebSocket Denial of Service Vulnerability

(LENA-4973) Resolved CVE-2020-13934 HTTP/2 Denial of Service Vulnerability
LENA 1.3.0 fix#6 Release Note 2020.07.20

LENA 1.3.0 fix#6 Release Note
Release Date : 2020.07.20

Changes
The following items have been updated:

Web Application Server
Detailed Information
[ Web Application Server ]

(LENA-4973) Resolved CVE-2020-13935 WebSocket Denial of Service Vulnerability

(LENA-4973) Resolved CVE-2020-13934 HTTP/2 Denial of Service Vulnerability

LENA Security Update Report(security fix#20200720) 2020.07.20

LENA Security Update Report.

LENA 1.2.5 fix#6 && LENA 1.3.0 fix#5
Improved Vulnerabilities
LENA WAS
CVE-2020-13935
CVE-2020-13934
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
N/A
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2020-13935
Important
WebSocket DoS
A denial of service vulnerability occurs due to inadequate message processing when receiving a manipulated WebSocket request message.
1.2.5 fix#6, 1.3.0 fix#5
CVE-2020-13934
Moderate
HTTP/2 DoS
A denial of service vulnerability occurs due to inadequate message processing when receiving a manipulated HTTP/2 request message.
1.2.5 fix#6, 1.3.0
LENA Security Update Report(security fix#20200713) 2020.07.13

LENA Security Update Report.

LENA 1.2.5 fix#5 && LENA 1.3.0 fix#4
Improved Vulnerabilities
LENA WAS
CVE-2020-11996
CVE-2020-9484
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2020-11996: A denial of service vulnerability occurs due to inadequate message processing when receiving a manipulated HTTP/2 request message in Tomcat.
CVE-2020-9484: In Apache Tomcat, under certain conditions*, a vulnerability allowing remote code execution occurs when an attacker's malicious request message is deserialized.
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2020-11996
Important
HTTP/2 DoS
A denial of service vulnerability occurs due to inadequate message processing when receiving a manipulated HTTP/2 request message.
1.2.5 fix#5, 1.3.0 fix#4
CVE-2020-9484
Important
Remote Code Execution via session persistence
Under certain conditions*, a vulnerability allowing remote code execution occurs when an attacker's malicious request message is deserialized.
1.2.5 fix#5, 1.3.0 fix#4
LENA Security Update Report(security fix#20200320) 2020.03.20

LENA Security Update Report.

LENA 1.2.5 fix#4 && LENA 1.3.0 fix#3
Improved Vulnerabilities
LENA WAS
CVE-2020-1938
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2020-1938: A remote code execution vulnerability occurs due to inadequate processing of AJP request messages in Tomcat.
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2020-1938
Important
Remote Code Execution
A remote code execution vulnerability occurs due to inadequate processing of AJP request messages.
1.2.5 fix#4, 1.3.0 fix#3
LENA Security Update Report(security fix#20191121) 2019.11.21

LENA 1.2.5 fix#3 및 LENA 1.3.0 fix#2 Security Update Report.

LENA 1.2.5 fix#3 && LENA 1.3.0 fix#2
Improved Vulnerabilities
LENA Web Server
CVE-2019-10098
CVE-2019-10097
CVE-2019-10092
CVE-2019-10082
CVE-2019-10081
CVE-2019-9517
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
N/A
Detailed Security Vulnerability Information
LENA Web Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2019-10098
moderate
open redirect
Potential open redirection in mod_rewrite
1.2.5 fix#3, 1.3.0 fix#2
CVE-2019-10097
moderate
DoS
Stack buffer overflow and NULL pointer dereference in mod_remoteip
1.2.5 fix#3, 1.3.0 fix#2
CVE-2019-10092
moderate
XSS
Limited Cross-Site Scripting in mod_proxy error page
1.2.5 fix#3, 1.3.0 fix#2
CVE-2019-10082
moderate
N/A
mod_http2 read-after-free in h2 connection shutdown
1.2.5 fix#3, 1.3.0 fix#2
CVE-2019-10081
moderate
N/A
Memory corruption during initial push in mod_http2
1.2.5 fix#3, 1.3.0 fix#2
CVE-2019-9517
moderate
DoS
Exhaustion of h2 workers in mod_http2 leading to DoS attack.
1.2.5 fix#3, 1.3.0 fix#2
LENA 1.3.0 fix#4 Release Note 2020.07.13

LENA 1.3.0 fix#4 Release Note
Release Date : 2020.07.13

Changes
The following items have been updated:

Web Application Server
Detailed Information
[ Web Application Server ]

(LENA-4653) Resolved CVE-2020-11996 HTTP/2 Denial of Service Vulnerability

LENA 1.3.0 fix#3 Release Note 2020.03.20

LENA 1.3.0 fix#3 Release Note
Release Date : 2020.03.20

Changes
The following items have been updated:

Web Server
Web Application Server
Install/Patch
Management
etc
Detailed Information
[ Web Server ]

(LENA-4704) Modified WEB server template (Added TLS 1.1 disable)

(LENA-4704) (Bug) Fixed MOD_EUM logging bug

[ Web Application Server ]

(LENA-4698) Changed server template related to the application of ajp security patch

(LENA-4653) Resolved CVE-2020-1938 AJP security vulnerability

[ Install/Patch ]

(LENA-4699) Added install/clone feature related to the application of ajp security patch

[ Management ]

(LENA-4666) (Bug) Fixed issue where empty connector information was not generated when ajp connector was commented out

(LENA-3125) (Bug) Fixed issue where embedded session information was deleted when the cluster was removed

[ Monitoring(Diagnostics) ]

(LENA-4391, LENA-4391) (Bug) Fixed peak control screen UI and errors

(LENA-4395, LENA-4392, LENA-4389) (Bug) Fixed ie11 screen errors

[ etc ]

(LENA-4346) Upgraded servlet engine
LENA 1.2.5 fix#4 Release Note 2020.03.20

LENA 1.2.5 fix#4 Release Note
Release Date : 2020.03.20

Changes
The following items have been updated:

Web Server
Web Application Server
Install/Patch
Management
etc
Detailed Information
[ Web Server ]

(LENA-4704) Modified WEB server template (Added TLS 1.1 disable)

[ Web Application Server ]

(LENA-4698) Changed server template related to the application of ajp security patch

(LENA-4653) Resolved CVE-2020-1938 AJP security vulnerability

[ Install/Patch ]

(LENA-4699) Added install/clone feature related to the application of ajp security patch

[ Management ]

(LENA-4666) (Bug) Fixed issue where empty connector information was not generated when ajp connector was commented out

(LENA-3125) (Bug) Fixed issue where embedded session information was deleted when the cluster was removed

[ etc ]

(LENA-4346) Upgraded servlet engine
LENA 1.3.0 fix#2 Release Note 2019.11.21

LENA 1.3.0 fix#2 Release Note
Release Date : 2019.11.21

Changes
The following items have been updated:

Web Server
Web Application Server
Detailed Information
[ Web Server ]

Resolved Vulnerabilities CVE-2019-10092, CVE-2019-10098, CVE-2019-10082, CVE-2019-10081, CVE-2019-9517, CVE-2019-10097

[ Web Application Server ]
LENA 1.2.5 fix#3 Release Note 2019.11.10

LENA 1.2.5 fix#3 Release Note
Release Date : 2019.11.10

Changes
The following items have been updated:

Web Server
Web Application Server
Detailed Information
[ Web Server ]

Resolved Vulnerabilities CVE-2019-10092, CVE-2019-10098, CVE-2019-10082, CVE-2019-10081, CVE-2019-9517, CVE-2019-10097

[ Web Application Server ]
LENA Security Update Report(security fix#20190628) 2019.06.28

LENA Security Update Report(security fix#20190430).

LENA 1.3.0 security fix#20190628
Improved Vulnerabilities
LENA WAS Server
CVE-2019-10072
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
N/A
Detailed Security Vulnerability Information
LENA WAS Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2019-10072
Important
Denial of Service
HTTP/2 connection window exhaustion on write
1.3.0(fix#1)

LENA 1.3.0 fix#1 Release Note 2019.06.28

LENA 1.3.0 fix#1 Release Note
Release Date : 2019.06.28

Changes
The following items have been updated:

Web Application Server
Detailed Information
[ Web Application Server ]

Resolved CVE-2019-10072 Denial of Service vulnerability
LENA Security Update Report(security fix#20190430) 2019.04.30

LENA Security Update Report(security fix#20190430).

LENA 1.2.0-5 security fix#20190430
Improved Vulnerabilities
LENA WEB Server
CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, CVE-2019-0197, CVE-2019-0196, CVE-2019-0220
CVE-2019-0190, CVE-2018-17199, CVE-2018-17189
CVE-2018-11763
CVE-2018-1333, CVE-2018-8011
LENA WAS Server
CVE-2019-0232, CVE-2018-11784
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
N/A
Detailed Security Vulnerability Information
LENA WEB Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2019-0211
Important
Permissions, Privileges, and Access Control
HTTP Server privilege escalation from modules' scripts
1.2.5 (fix#2), 1.3.0
CVE-2019-0217
Important
Race Conditions
mod_auth_digest access control bypass
1.2.5 (fix#2), 1.3.0
CVE-2019-0215
Important
Improper Access Control
mod_ssl access control bypass
1.2.5 (fix#2), 1.3.0
CVE-2019-0197
low
N/A
mod_http2, possible crash on late upgrade
1.2.5 (fix#2), 1.3.0
CVE-2019-0196
low
N/A
mod_http2, read-after-free on a string compare
1.2.5 (fix#2), 1.3.0
CVE-2019-0220
low
N/A
Apache httpd URL normalization inconsistincy
1.2.5 (fix#2), 1.3.0
CVE-2019-0190
important
Input Validation
mod_ssl 2.4.37 remote DoS when used with OpenSSL 1.1.1
1.2.5 (fix#2), 1.3.0
CVE-2018-17199
low
Session Fixation
mod_session_cookie does not respect expiry time
1.2.5 (fix#2), 1.3.0
CVE-2018-17189
low
Uncontrolled Resource Consumption
DoS for HTTP/2 connections via slow request bodies
1.2.5 (fix#2), 1.3.0
CVE-2018-1333
low
Resource Management Errors
DoS for HTTP/2 connections by crafted requests
1.2.5 (fix#2), 1.3.0
CVE-2018-8011
moderate
NULL Pointer Dereference
mod_md, DoS via Coredumps on specially crafted requests
1.2.5 (fix#2), 1.3.0
LENA WAS Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2019-0232
Important
Input Validation
Remote Code Execution on Windows
1.2.5 (fix#2), 1.3.0
CVE-2018-11784
Moderate
URL Redirection to Untrusted Site ('Open Redirect')
Open Redirect
1.2.5 (fix#2), 1.3.0
LENA 1.3.0 Release Note 2019.04.30

LENA 1.3.0 Release Note
Release Date : 2019.04.30

Changes
The following items have been updated:

Web Server
Web Application Server
Install/Patch/License
Management
Monitoring(Diagnostics)
etc
Detailed Information
[ Web Server ]

(LENA-3889) Added End User Monitoring feature (mod_eum)

Monitoring of user (browser)-WEB-WAS section
Collection of client performance and script errors
(LENA-3714) Added LENA SLB Proxy module (mod_lena_proxy)

Dynamic DNS Lookup and DNS information update functionality
Resolved AWS ALB DNS Lookup caching issue
(LENA-3669) Added LENA Web PE (portable engine) support module

Automatic recognition and support for Amazon Linux 2
[ Web Application Server ]

(LENA-4141) Added feature to separate Service, System Dump paths

(LENA-4109) Improved Resource annotation support feature

(LENA-3982) Added feature to change the Connector's socket binding timing

(LENA-3576) Supported Java EE 7 Spec

[ Install/Patch/License ]

(LENA-3471) Supported Cloud-oriented License

[ Management ]

(LENA-4124) Added LENA usage measurement feature for applying License pre/post-payment system

(LENA-3955) Added Software Load Balancer management feature

(LENA-3647) Added Database management feature

(LENA-3637) Added Topology view and section monitoring feature

(LENA-3474) Provided feature to support Cloud-based Auto Scaling

Supported automation and synchronization features for LENA installation in conjunction with AWS AutoScaling
(LENA-3473) Provided Provisioning feature

Feature for installing and removing LENA remote nodes
[ Monitoring(Diagnostics) ]

(LENA-4067) Added Service Tracing feature

Service tracing feature based on IP/URL in Topology
(LENA-3965) Added Advanced Analysis view

Provided real-time analysis dashboard
[ etc ]

(LENA-4118,4114) Upgraded web/servlet engine, Supported Java EE 7 Spec

Supported Servlet 3.1, JSP 2.3, EL 3.0 specifications
Supported EJB 3.2, JTA 1.2 and other Java EE 7 specifications
LENA 1.2.5 fix#2 Release Note 2019.04.30

LENA 1.2.5 fix#2 Release Note
Release Date : 2019.04.30

Changes
The following items have been updated:

Web Server
Web Application Server
Detailed Information
[ Web Server ]

Resolved vulnerabilities CVE-2019-0211, CVE-2019-0217, CVE-2019-0215, CVE-2019-0197, CVE-2019-0196, CVE-2019-0220

Resolved vulnerabilities CVE-2019-0190, CVE-2018-17199, CVE-2018-17189

Resolved vulnerability CVE-2018-11763

Resolved vulnerabilities CVE-2018-1333, CVE-2018-8011

[ Web Application Server ]

Resolved CVE-2019-0232 Remote Code Execution vulnerability

Resolved CVE-2018-11784 Open Redirect vulnerability
LENA 1.2.5 fix#1 Release Note 2018.11.29

LENA 1.2.5 fix#1 Release Note
Release Date : 2018.11.29

Changes
The following items have been updated:

Web Server
Web Application Server
Install/Patch
Management
etc
Detailed Information
[ Web Server ]

(LENA-3575) Resolved CVE-2018-11784 Open Redirect vulnerability

[ Web Application Server ]

(LENA-3622) Added feature for detailed version verification (version.sh)

(LENA-3011) Added feature for forced termination of WAS in case application thread does not terminate

[ Install/Patch ]

(LENA-3621) Added Cluster Edition management feature

[ Management ]

(LENA-3619) (Bug) Fixed the issue where duplicate ID is not generated when creating Node UUID with only loopback address available

(LENA-3125) Added backup feature for the previous license when updating the license

[ etc ]

(LENA-3577,3568) Added upgraded versions of servlet engine, and session server (1.2.5e)

Support for Servlet 3.1, JSP 2.3, EL 3.0 specifications
[+]

Support for Java EE7 will be integrated into LENA 1.3, and updates for LENA 1.2 will be discontinued in the future

The last released version, LENA 1.2.5e Fix1 (1.2.5e.1), will be maintained until the EOS point

To provide stable features, technical support, and operational management benefits, upgrading to LENA 1.3 is recommended

LENA Security Update Report(security fix#20181109) 2018.11.09

LENA Security Update Report(security fix#20181109).

LENA 1.2.0-5 security fix#20181109
Improved Vulnerabilities
LENA WEB Server
CVE-2018-11759
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2018-11759: Access control bypass vulnerability occurring due to the improper handling of out-of-bounds values in specific code of Apache Web Server
Detailed Security Vulnerability Information
LENA WAS Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2018-8014
Important
Information disclosure
Special requests can expose application features through reverse proxy functionality
1.2.5.1(fix#1), 1.2.6
LENA 1.2.5 Release Note 2018.07.19

LENA 1.2.5 Release Note
Release Date : 2018.07.19

Changes
The following items have been updated:

Web Server
Web Application Server
Install/Patch
Management
Monitoring(Diagnostics)
etc
Detailed Information
[ Web Application Server ]

(LENA-2959) Applied different default values for minEvictableIdleTimeMillis property when using non-XA and XA

XA true => 1800000ms (30 minutes), XA false => 60000ms (60 seconds)
(LENA-3012) Changed the default value of mod_jk's connect_timeout (30 seconds -> 10 seconds)
(LENA-3127) Added data source connection information encryption feature (URL, ID)

[ Install/Patch ]

(LENA-1199) Added a feature to verify hyper-threading on/off during license verification

[ Management ]

(LENA-2962) (Bug) Modified to allow registering multiple IPs using '|' when controlling access to LENA Manager based on IP

(LENA-1170,1171) Added StuckThread monitoring and OPENAPI feature

(LENA-3007) Displayed server list differentiated by Node Type

(LENA-3065) Changed to manage servers according to Node Type and added Node Type

(LENA-3153) Added a feature to change JVMRouter value when changing WAS port

(LENA-3274) Improved to allow specifying the order of target WAS directly when connecting Web-WAS

[ Monitoring(Diagnostics) ]

(LENA-2978) (Bug) Modified to generate diagnostic Report even if Action setting is missing during Request Full diagnosis

(LENA-3265) (Bug) Modified to allow access to Trace setting screen even if Node Agent is down

(LENA-2986) Added BCI processing logic for PreparedStatement, Resultset changed in maria db client 1.6/1.7

(LENA-2969) Added validation feature for WAS connected to the web server

(LENA-3015) Added a feature to monitor the disk usage where Web/WAS Engine is installed

[ etc ]

(LENA-3281,3508) Upgraded OSS engine version

LENA WAS : Apache Tomcat 7.0.90
LENA Web : Apache Http Server 2.4.33
LENA Security Update Report(security fix#20180719) 2018.07.19

LENA Security Update Report(security fix#20180719).

LENA 1.2.0-4 security fix#20180719
Improved Vulnerabilities
LENA WAS
CVE-2018-1304, CVE-2018-1305,
CVE-2018-8014
LENA WEB Server
CVE-2018-1312, CVE-2018-1303, CVE-2018-1302, CVE-2018-1301, CVE-2018-1283,
CVE-2017-15715, CVE-2017-15710
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
N/A
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2018-8014
Low
CORS filter has insecure defaults
Change in the default value of CORS filter
1.2.5
CVE-2018-1305
Important
Security constraint annotations applied too late
Depending on the servlet loading sequence, the application of security constraints can be omitted when setting Security constraint with annotations.
1.2.5
CVE-2018-1304
Important
Security constraints mapped to context root are ignored
Security constraints can be omitted for the "" string mapped to the context root.
1.2.5
LENA WEB Server
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2018-8014
Low
Authentication Issues
Nonce value is not generated correctly in mod_auth_digest module
1.2.5
CVE-2018-1303
Low
Out-of-bounds Read
Mod_cache_socache module can cause out-of-bound read
1.2.5
CVE-2018-1302
Low
NULL Pointer Dereference
Null Pointer can occur in already freed memory when a stream is terminated while using HTTP/2
1.2.5
CVE-2018-1301
Low
Buffer Errors
After reading the HTTP header up to the size limit, a specific manipulation can cause out-of-bound access.
1.2.5
CVE-2018-1283
Moderate
Input Validation
When using SessionEnv on, which is not the default, in mod_session module, it can affect the corresponding content in CGI applications
1.2.5
CVE-2017-15715
Low
Input Validation
The specified expression can match newline characters and '$' characters.
1.2.5
CVE-2017-15710
Low
Out-of-bounds Write
Using a very small Accept-Language value in mod_authnz_ldap module can cause out-of-bound write
1.2.5
LENA Security Update Report(security fix#20180209) 2018.02.09

LENA 1.2.4 Security Update Report.

LENA 1.2.0-4 security fix#20180209
Improved Vulnerabilities
LENA WAS
CVE-2017-12617,
CVE-2017-12616, CVE-2017-12615,
CVE-2017-7674,
CVE-2017-5664, CVE-2017-5647, CVE-2017-5648
Main Vulnerabilities (KISA New Vulnerability Security Update Recommended)
CVE-2017-12617: Remote code execution vulnerability enabling the upload of JSP files to the server through specially crafted Request requests when the HTTP PUT method is enabled on the server.
CVE-2017-12616: Information disclosure vulnerability allowing the viewing of jsp source code by circumventing security policies for resources provided by the VirtualDirContext class when utilizing this class.
CVE-2017-12615: Remote code execution vulnerability allowing manipulated jsp files to be uploaded to a Windows server using the PUT method during HTTP requests.
CVE-2017-5648: Information disclosure vulnerability allowing access to information from other web applications due to incorrect object references in the Security Manager class during the execution of untrusted applications.
CVE-2017-5647: Information disclosure vulnerability occurring when incorrect responses are sent due to loss of pipelined requests after the completion of processing previous file transfers.
Detailed Security Vulnerability Information
LENA WAS
CVE IDs
Impact
Vulnerability Type
Summary
LENA Version Affected
CVE-2017-12617
Important
Remote Code Execution
Vulnerability that allows the upload of manipulated JSP files to the server using the PUT method during HTTP requests, enabling arbitrary code execution on the server (PUT, DELETE methods are available when the readonly parameter of the Default servlet is set to false)
1.2.5
CVE-2017-12616
Important
Information Disclosure
Information disclosure vulnerability allowing the viewing of jsp source code by circumventing security policies on resources provided by the VirtualDirContext class.
1.2.5
CVE-2017-12615
Important
Remote Code Execution
Vulnerability allowing manipulated jsp files to be uploaded to a Windows server using the PUT method during HTTP requests, enabling arbitrary code execution on the server.
1.2.5
CVE-2017-7674
Moderate
Cache Poisoning
Vulnerability due to CORS (spec allowing cross-domain communication) Filter not properly adding HTTP Vary headers, leaving both client and server susceptible to cache poisoning attacks.
1.2.5
CVE-2017-5664
Important
Security Constraint Bypass
Vulnerability allowing the deletion or alteration of error pages by processing manipulated HTTP requests when readonly=false is set for the DefaultServlet.
1.2.5
CVE-2017-5648
Low
Remote Code Execution
Vulnerability allowing the upload of manipulated JSP files to the server using the PUT method during HTTP requests, enabling arbitrary code execution on the server (PUT, DELETE methods are available when the readonly parameter of the Default servlet is set to false)
1.2.5
CVE-2017-5647
Important
Information Disclosure
Vulnerability leading to the disclosure of significant information as incorrect responses are sent to lost pipelined requests after the completion of processing previous file transfers.
1.2.5
LENA 1.2.4 fix#4 Release Note 2017.10.12

LENA 1.2.4 fix#4
Changes
The following items have been updated:

Web Application Server

Web Server

Detailed Information
[Web Application Server, Web Server]
(LENA-3515, 3520) Implemented LENA new security updates (security fix#20180719)

Release Date: 2018.07.19

LENA 1.2.4 fix#3
Changes
The following items have been updated:

Web Application Server

Detailed Information
[Web Application Server]
(#8201) Resolved Apache Tomcat vulnerabilities CVE-2017-12615, CVE-2017-12616

(#8200) Resolved Apache Tomcat vulnerability CVE-2017-12617

Release Date: 2017.10.12

LENA 1.2.4 fix#2
Changes
The following items have been updated:

Node Agent

Management

Monitoring(Diagnostics)

Detailed Information
[Node Agent]
(#8162) Resolved the issue where a newline character is added when modifying files in the Config Tree screen

[Management]
(#8171) Output of web server startup message

[Monitoring(Diagnostics)]
(#8160) Improved the excessive CPU usage issue on the Monitoring Dashboard

(#8189) Added StuckThread monitoring to OPENAPI

(#8161) Enhanced to fetch the external js files used in Diagnostics from Lena Manager

Release Date: 2017.09.11

LENA 1.2.4 fix#1
Changes
The following items have been updated:

Web Server

Install/Patch

Management

Detailed Information
[Web Server]
(#8079) Improved graceful stop

[Install/Patch]
(#8157) Added an option to choose whether to use FileChannel during Clone execution

[Management]
(#8099) Provided an option to inquire about detailed server status in the server list inquiry screen

(#8156) Added an option that allows for a delay when inquiring server status

(#8153) Modified the Patch version check function

Release Date: 2017.07.19

LENA 1.2.4
Changes
The following items have been updated:

Web Server

Web Application Server

Session Server

Install/Patch

Management

Monitoring(Diagnostics)

etc

Detailed Information
[Web Server]
(#7984) Modified mod_jk ForwardURI option: ForwardURICompat > ForwardURIProxy

(#7950) Changed the default value of Tomcat JDBC validationInterval (30 seconds -> 3 seconds)

https://bz.apache.org/bugzilla/show_bug.cgi?id=59923

https://bz.apache.org/bugzilla/show_bug.cgi?id=59923

(#7739) Developed Web Server service control module (mod_lsc): Controls services based on time, header, cookie, and URI

(#7674) Set recovery_options to 7 to prevent duplicate transactions during web server failover

[ Web Application Server ]
(#7887) Improved ThreadExecutor structure: Internal Executor method > External Executor method

Deleted prestartMinSpareThreads option (forcibly changed to prestart in tomcat 7.0.76)

Applied maxQueueSize per connector (replacing the existing acceptCount)

(#7786) Configured HTTP method restriction (web.xml)

(#7776) Enhanced XA Transaction ID creation logic

[Session Server]
(#7699) Modified Zodiac Valve Context URL Parsing functionality (Corresponding to new NCD version)

(#7726) (Bug) Fixed Session Clustering Embedded Mode Timeout priority issue

[Install/Patch]
(#7746) (Bug) Resolved the issue where the service would not start properly on English Windows due to date format

[Management]
(#7989) Configured to adjust the number of server lists displayed in Manager through manager.conf

(#7888) DataSource Interceptor configuration functionality

(#7690) Monitoring-related REST API functionality

(#7650) Manual download functionality

(#7649) unpackWAR configuration functionality

(#7644) CLASSPATH addition functionality when registering JDBC driver files

(#7775) Data source test functionality in the Resource screen

(#8044) (Bug) Modified to allow multiple line definitions of CustomLog in VirtualHost Tab

[Monitoring(Diagnostics)]
(#7677) Added Session Server Monitoring functionality

(#7361) Added Peak Control functionality

[etc]
(#7786) Upgraded OSS engine version

LENA WAS: N/A

LENA Web: Apache Http Server 2.4.23

Release Date: 2017.06.30"

Video

References

Meritz Fire & Marine Insurance selected as Standard WAS Introduced to services acrossall financial business system

Applied to 4 systems including KOBUS T-Money Mobile, and High-Speed Mobile Implemented mobile smart card service system based on NFC

Applied blockchain service platform Provided services such as local currency and mobile authentication as the first public blockchain platform in Korea

Implemented information systems Applied to over 30 information systems such as OLAP / IFRS / IMAGE system

Implemented to Global/Internal•External 150+ systems Stables session handling for EP system with over 80,000 large-scale users

LG Chem selected as Standard WAS Applied to Global/Internal•External system

S&I selected as Standard WAS Applied to over 10 systems including portal sites

Pantos selected as company-wide Standard WAS Applied to Global/Internal•External 10+ systems

GS Retail company-wide & affiliate standardization Applied to over 20 systems across scales, delivery, marketing, and other distribution tasks

Applied to KT Bizmeka EZ Service Introduced the largest scale KT business portal service in Korea

Conducted batch conversion of 30+ business systems' WEB/WAS Based on CaaS platform Conducted conversion to container environment