The web application exposes files to the client that are not essential to its operation. These files reveal details of the application's inner workings, and that information can aid in exploiting other vulnerabilities.
Impact
Some technical information about the application can be obtained.
KSP violation
YES: KSP-RE-266 v1.0
Evidence
The following steps can be used to exploit this vulnerability:
1. Browse to the following URL: https://<NetOps Portal>:8443/pc/extjs/
2. The ExtJS default interface is shown. The /examples/ endpoint is not available, denying further exploitation of this component.
Recommendation
Release: 3.7
Component: CA DATABASE COMMAND CENTER
Renaming, deleting, or moving index.html fixes this issue, and none of these changes affects existing product functionality. Any one of the following commands is sufficient:
1. mv /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.html /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.bak
2. mv /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.html /tmp
3. rm /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.html
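
An added example (not part of the original article or the vendor's tooling): a shell helper that applies the "move" option so it is safe to re-run, lists renamed copies left in the web directory, and reports the HTTP status of the ExtJS URL afterwards. The function names and the backup directory are assumptions; a copy kept inside the webapp directory, such as index.bak, may still be retrievable by name depending on how the server handles static files.

```shell
#!/bin/sh
# Added example, not vendor code. Function names and the backup location
# are assumptions; the ExtJS path is the one given in the article.
EXTJS_DIR=/opt/CA/PerformanceCenter/PC/webapps/pc/extjs

# retire_extjs_index DIR BACKUP_DIR
# Move DIR/index.html out of the web-served tree. Safe to re-run.
# Returns 0 if the file was moved or is already absent, non-zero on error.
retire_extjs_index() {
    dir=$1
    backup=$2
    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi
    if [ ! -e "$dir/index.html" ]; then
        echo "index.html already absent from $dir"
        return 0
    fi
    mkdir -p "$backup" && chmod 700 "$backup" || return 1
    dest="$backup/extjs-index.html.$(date +%Y%m%d%H%M%S)"
    mv "$dir/index.html" "$dest" || return 1
    echo "moved $dir/index.html to $dest"
}

# leftover_copies DIR
# Print renamed copies of the index page still sitting in the web directory
# (for example index.bak from option 1), which the server may still serve.
leftover_copies() {
    find "$1" -maxdepth 1 -type f \( -name 'index.bak' -o -name 'index.html?*' \)
}

# extjs_http_status BASE_URL
# Print the HTTP status code returned for BASE_URL/pc/extjs/ (needs curl and
# network access to the portal; certificate validation is left on).
extjs_http_status() {
    curl -s -o /dev/null -w '%{http_code}\n' "$1/pc/extjs/"
}

# Usage when run as a script: sh retire_extjs.sh /root/extjs-backup
if [ "$#" -eq 1 ]; then
    retire_extjs_index "$EXTJS_DIR" "$1" && leftover_copies "$EXTJS_DIR"
fi
```

Any path printed by leftover_copies is a candidate for moving out of the web directory as well.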