SOI Mobile GUI vulnerability: Error Handling -

book

Article ID: 129671

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

Security test executed before publishing the SOI mobile gui on internet has detected this vulnerability:

- Error Handling

Cause

This is the vulnerability effect as reported in related doc:

By inserting unexpected values into the parameters (for example, by entering a non-numeric value in size), the application includes the exception detail in the response.
It is necessary to capture all the exceptions generated and handle the error showing generic information as an answer.
Extend the countermeasure to the entire perimeter of the application.

Environment

SOI 4.2

Resolution

A new mobile.war file is available from support

To apply it do the following steps:

1. Stop the SamUI server

2. Take a backup of C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile.war to some other directory

3. Delete the folder C:\Program Files (x86)\CA\SOI\SamUI\webapps\mobile

4. Copy the new war to C:\Program Files (x86)\CA\SOI\SamUI\webapps\

5. Start the SamUI server and retest.
 

Additional Information

The new mobile.war can be required through a support case.