The web application exposes files to the client. Some of these files are not essential for the working of the application. Furthermore, these files expose details of the inner working of the application. This information can aid in exploiting other vulnerabilities.
Some technical information about the application can be obtained.
YES: KSP-RE-266 v1.0
The following steps can be used to exploit this vulnerability:
1. Browse to the following URL: https://CAPC:8443/pc/extjs/
2. The ExtJS default interface is shown. The /examples/ endpoint is not available, denying further exploitation of this component.
Only deploy or install services, middleware and programs which are essential to the correct working of the application. If partial installations are not possible, non-essential services and functionality should be removed or disabled.
Use a subdirectory of the project as the webroot, so that adding a file to the project does not automatically expose it to the internet.
Reflect the above in the security baseline of the host in order to prevent the same finding in future assessments. The security baseline must be applied every time a host is taken into production.
How this view can be disabled in Performance Center?
Release : 3.7
Component : CA DATABASE COMMAND CENTER
Renaming / deleting / moving the index.html will fix this bug.
By doing this, it will not have any impact on the existing product functionality.
to fix it:
1.mv /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.html /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.bak
2.mv /opt/CA/PerformanceCenter/PC/webapps/pc/extjs/index.html /tmp