CPDoS attack impact


Article ID: 140179


Products

CA API Gateway, API SECURITY, CA API Gateway Precision API Monitoring Module for API Gateway (Layer 7), CA API Gateway Enterprise Service Manager (Layer 7), STARTER PACK-7, CA Microgateway

Issue/Introduction

We have been informed of the following vulnerability "CPDoS: Cache Poisoned Denial of Service":  https://cpdos.org/

We would like to confirm whether CA API Gateway could be affected by it. The version that we have installed is 9.3.

Does this vulnerability no longer affect this version? If it does affect it, how is it solved?

 

Environment

Release : 9.3

Component : API GTW ENTERPRISE MANAGER

Resolution

CPDoS affects servers that sit behind an intermediate cache server that caches their responses. The Gateway is not affected by such an attack. Also, in a normal use case, I don't think any customer will have an intermediate cache server caching the API responses received from the Gateway.
Even in cases where the Gateway is serving static content and the customer has configured an intermediate cache server for that static content, the cache server needs to be properly configured to not cache error responses and must comply with the policies of the HTTP standard.
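
One way to express the "do not cache error responses" rule as a check on what an intermediate cache has stored. This is an added example, not Broadcom or CA API Gateway code; the record format, function names and sample entries are constructed assumptions.

```python
from typing import Mapping

# RFC 7231 section 6.1 statuses cacheable by default, minus the error
# codes (404, 405, 410, 414, 501), which this stricter policy never stores.
DEFAULT_CACHEABLE = {200, 203, 204, 206, 300, 301}

def cache_control(headers: Mapping[str, str]) -> dict:
    """Parse Cache-Control into {directive: value-or-None}, lower-cased."""
    value = next((v for k, v in headers.items() if k.lower() == "cache-control"), "")
    directives = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def may_store(status: int, headers: Mapping[str, str]) -> bool:
    """Decide whether a shared cache may store this origin response."""
    if status >= 400:  # error responses are never stored, whatever the headers say
        return False
    cc = cache_control(headers)
    if "no-store" in cc or "private" in cc:
        return False
    has_expires = any(k.lower() == "expires" for k in headers)
    explicit = "s-maxage" in cc or "max-age" in cc or has_expires
    return explicit or status in DEFAULT_CACHEABLE

def audit(entries):
    """Return URLs of stored entries that the policy would have refused."""
    return [e["url"] for e in entries
            if e["stored"] and not may_store(e["status"], e["headers"])]

# Constructed sample of cache-store records (hypothetical format).
SAMPLE = [
    {"url": "/static/app.js", "status": 200, "stored": True,
     "headers": {"Cache-Control": "public, max-age=3600"}},
    {"url": "/static/logo.png", "status": 400, "stored": True,
     "headers": {"Cache-Control": "max-age=60"}},
    {"url": "/api/v1/orders", "status": 200, "stored": True,
     "headers": {"Cache-Control": "private, no-store"}},
    {"url": "/static/old.css", "status": 404, "stored": False, "headers": {}},
]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The policy here is deliberately stricter than the HTTP standard's defaults: it refuses every 4xx and 5xx response, including those the standard allows a cache to store.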