HTTP OPTIONS Method Enabled APM Vulnerability
search cancel

HTTP OPTIONS Method Enabled APM Vulnerability

book

Article ID: 141818

calendar_today

Updated On:

Products

CA Application Performance Management Agent (APM / Wily / Introscope) CA Application Performance Management (APM / Wily / Introscope) INTROSCOPE DX Application Performance Management

Issue/Introduction

APM Wily servers have been flagged by vulnerability scans for the following issues:

1-

 - Titles aggregated to: Self-signed TLS/SSL certificate

2-

 - HTTP OPTIONS Method Enabled

 

Environment

Release : 10.7.0

Component : APM Mangers

Resolution

Report #1 : Titles aggregated to: Self-signed TLS/SSL certificate

SSL needs to be configure by customer environment administrator with their own certificates. Please follow below documentation for SSL configuration,
Configuring Jetty Options

Report #2 : HTTP OPTIONS Method Enabled

We can disable HTTP OPTIONS method with configuration in em-jetty-config.xml and webview-jetty-config.xml file under config folder of EM installation.