Automation Engine vulnerable to OPTIONS and TRACE HTTP methods

Article ID: 142038

Products

CA Automic Workload Automation - Automation Engine

CA Automic One Automation

Issue/Introduction

REST API now returns the 405 status code when a client sends an unsupported HTTP method to an existing endpoint.

The Automation Engine servers should block any request that uses the 'OPTIONS' or 'TRACE' method on any port they are listening on.

Cause

An issue has been fixed where the REST API returned a 500 status code when a client sent an unsupported HTTP method to an existing endpoint. It now returns the status code 405.

Environment

Release : 12.x

Component : AUTOMATION ENGINE

Resolution

Upgrade to fixed versions:

AWA v12.4.0, planned release date: 31st Mar 2020

AWA v12.3.2, Available

AWA v12.2.5, Available
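To confirm the behaviour after upgrading, the following check sends OPTIONS and TRACE to an existing endpoint and reports whether the server answers 405 (fixed) or 500 (the behaviour before the fix). This is an added example, not Broadcom or Automic code; the host, port and path are assumptions you supply, and the loopback stub server and its `/constructed/endpoint` path are constructed so the check can be tried offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

METHODS = ("OPTIONS", "TRACE")  # the methods named in the article

def classify(status):
    if status == 405:
        return "fixed"      # unsupported method rejected with 405
    if status == 500:
        return "unpatched"  # pre-fix behaviour: 500 on unsupported method
    return "review"         # anything else needs a manual look

def probe(host, port, path, tls=False, timeout=5):
    """Send each method to an existing endpoint; return {method: (status, verdict)}."""
    conn_cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    results = {}
    for method in METHODS:
        conn = conn_cls(host, port, timeout=timeout)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            results[method] = (resp.status, classify(resp.status))
        finally:
            conn.close()
    return results

def _stub_handler(status):  # constructed stand-in for the REST API
    class Handler(BaseHTTPRequestHandler):
        def _reply(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_OPTIONS = do_TRACE = _reply
        def log_message(self, *args): pass  # keep the demo quiet
    return Handler

def run_against_stub(status):
    """Start the stub on a free loopback port, probe it, and shut it down."""
    srv = HTTPServer(("127.0.0.1", 0), _stub_handler(status))
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        return probe("127.0.0.1", srv.server_address[1], "/constructed/endpoint")
    finally:
        srv.shutdown()
        srv.server_close()

if __name__ == "__main__":
    print({code: run_against_stub(code) for code in (500, 405)})
```

Against a real Automation Engine, call `probe()` with your own host, port and an existing REST endpoint path, setting `tls=True` if the API is served over HTTPS.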