SOI Mobile GUI vulnerability: Error Handling


Article ID: 129671


Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

A security test run before publishing the SOI Mobile GUI on the internet detected this vulnerability:

- Error Handling

Environment

SOI 4.2

Cause

This is the effect of the vulnerability, as reported in the related document:

By inserting unexpected values into the parameters (for example, by entering a non-numeric value in size), the application includes the exception detail in the response.
It is necessary to capture all the exceptions generated and handle the error showing generic information as an answer.
Extend the countermeasure to the entire perimeter of the application.

Resolution

A new mobile.war file is available from support.

To apply it, perform the following steps:

1. Stop the SamUI server

2. Take a backup of C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war to some other directory

3. Delete the folder C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile

4. Copy the new war to C:\Program Files (x86)\CA\SOI\SamUI\webapps\

5. Start the SamUI server and retest.
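For the retest in step 5, one way to check a captured response body for leaked exception detail. This is an added example, not part of the original article or the vendor's tooling; the function names and both sample responses are constructed for illustration.

```python
import re

# Indicators of server-side exception detail in an HTTP response body.
LEAK_PATTERNS = {
    # Fully qualified Java exception/error class, e.g. java.lang.NumberFormatException
    "java_exception_class": re.compile(
        r"\b(?:[a-z_][\w$]*\.)+[A-Z][\w$]*(?:Exception|Error)\b"),
    # A stack frame line: "at pkg.Class.method(File.java:123)"
    "stack_frame": re.compile(
        r"^\s*at\s+[\w$.<>]+\([\w$]+\.java:\d+\)", re.M),
    # Chained exception marker
    "caused_by": re.compile(r"^\s*Caused by:\s", re.M),
    # JDK message produced when a non-numeric string is parsed as a number
    "number_format_message": re.compile(r'For input string: "'),
}

def find_exception_leaks(body: str) -> dict:
    """Return {indicator_name: first matching text} for each indicator present."""
    hits = {}
    for name, pattern in LEAK_PATTERNS.items():
        match = pattern.search(body)
        if match:
            hits[name] = match.group(0).strip()
    return hits

def check_response(body: str) -> str:
    """PASS when the body carries only generic information, FAIL otherwise."""
    hits = find_exception_leaks(body)
    return "PASS" if not hits else "FAIL: " + ", ".join(sorted(hits))

# Constructed sample: what a response looks like when exception detail leaks
# after a non-numeric value is supplied for a numeric parameter such as size.
SAMPLE_LEAKING = (
    "HTTP Status 500\n"
    'java.lang.NumberFormatException: For input string: "abc"\n'
    "\tat java.lang.NumberFormatException.forInputString(NumberFormatException.java:65)\n"
    "\tat java.lang.Integer.parseInt(Integer.java:580)\n"
)
# Constructed sample: a generic error answer with no internal detail.
SAMPLE_GENERIC = '{"error": "Invalid request", "reference": "constructed-0001"}'

if __name__ == "__main__":
    print("leaking sample:", check_response(SAMPLE_LEAKING))
    print("generic sample:", check_response(SAMPLE_GENERIC))
```

Pass the body of each response captured during your own retest to `check_response`, covering every parameter the application accepts rather than only `size`.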
 

Additional Information

The new mobile.war can be requested through a support case.