We have been informed of the following vulnerability "CPDoS: Cache Poisoned Denial of Service": https://cpdos.org/
We would like to confirm whether CA API Gateway could be affected by it. The version that we have installed is 9.3.
Does this vulnerability no longer affect this version? If it is affected, how is it solved?
Release : 9.3
Component : API GTW ENTERPRISE MANAGER
CPDoS affects servers that use an intermediate cache server for caching responses. The Gateway is not affected by such an attack. Plus, in a normal use case, I don't think any customer will have an intermediate cache server for caching the API responses received from the Gateway.
Even in cases where the Gateway is serving static content and the customer has configured an intermediate cache server for that static content, the cache server needs to be properly configured not to cache error responses and must comply with the policies of the HTTP standard.
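The cache-side rule described above, written out as a storage check. This is an added example, not code from CA API Gateway or from any cache product; the function names and the sample responses are constructed for illustration, and the storability conditions follow RFC 9111 with the stricter "no error responses" policy applied first.

```python
# Added example: storage decision for a shared cache placed in front of the
# Gateway. Assumption: the cache sees the origin's status code and headers.

# Status codes RFC 9110 defines as heuristically cacheable, minus the error
# codes (404, 405, 410, 414, 501), which this policy never stores.
HEURISTIC_OK = {200, 203, 204, 206, 300, 301, 308}


def parse_cache_control(value):
    """Parse a Cache-Control value into {directive: argument-or-None}."""
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives


def may_store(status, headers):
    """Return True if a shared cache may store this response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(hdrs.get("cache-control", ""))

    # 1. Only final, non-error responses are candidates. An error page is
    #    rejected even if it carries max-age or public.
    if status < 200 or status >= 400:
        return False
    # 2. Explicit prohibitions from the origin ("private" applies because
    #    the cache is shared).
    if "no-store" in cc or "private" in cc:
        return False
    # 3. Explicit freshness information or "public" permits storage.
    if any(d in cc for d in ("s-maxage", "max-age", "public")) or "expires" in hdrs:
        return True
    # 4. Otherwise fall back to the heuristically cacheable status codes.
    return status in HEURISTIC_OK


# Constructed sample responses: (status, headers)
SAMPLES = [
    (200, {"Cache-Control": "max-age=300"}),
    (400, {"Cache-Control": "max-age=300"}),
    (404, {}),
    (200, {"Cache-Control": "private, max-age=60"}),
    (302, {}),
]

if __name__ == "__main__":
    for status, headers in SAMPLES:
        print(status, headers, "->", "store" if may_store(status, headers) else "do not store")
```

The check covers storage only; whether a stored response may be reused without revalidation is a separate freshness decision.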