Automation Engine vulnerable to OPTIONS and TRACE HTTP methods

Article ID: 142038

Products

CA Automic Workload Automation - Automation Engine, CA Automic One Automation

Issue/Introduction

REST API now returns the 405 status code when a client sends an unsupported HTTP method to an existing endpoint.

The Automation Engine servers should block any request that uses the 'OPTIONS' or 'TRACE' request method, on every port they are listening on.

Environment

Release : 12.x

Component : AUTOMATION ENGINE

Cause

An issue has been fixed where the REST API returned a 500 status code when a client sent an unsupported HTTP method to an existing endpoint. It now returns the status code 405.

Resolution

Upgrade to fixed versions:

AWA v12.3.2, Available

AWA v12.2.5, Available

After the upgrade, Automic returns a 405 "Method not allowed" status code.
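
One way to confirm the behaviour after upgrading, as an added example that is not part of the original article or of Automic's own tooling: it sends OPTIONS and TRACE to one endpoint and classifies the status code as the article describes. The local stub server and the path `/placeholder/endpoint` are constructed assumptions so the script runs offline; point `probe()` at your own Automation Engine host, port and REST endpoint.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Interpretation of the two status codes named in the article.
VERDICTS = {405: "fixed: method rejected with 405",
            500: "unfixed: unsupported method produces 500"}

def probe(host, port, path, methods=("OPTIONS", "TRACE")):
    """Send each method to one endpoint; return {method: (status, verdict)}."""
    results = {}
    for method in methods:
        conn = http.client.HTTPConnection(host, port, timeout=5)
        try:
            conn.request(method, path)
            resp = conn.getresponse()
            status = resp.status
            resp.read()
        finally:
            conn.close()
        # Any status other than 405/500 (for example 200) needs manual review.
        results[method] = (status, VERDICTS.get(status, "review: unexpected status"))
    return results

def make_stub(status):
    """Constructed local stand-in that answers OPTIONS/TRACE with `status`."""
    class Handler(BaseHTTPRequestHandler):
        def _reply(self):
            self.send_response(status)
            self.send_header("Content-Length", "0")
            self.end_headers()
        do_OPTIONS = do_TRACE = _reply
        def log_message(self, *args):  # keep the console quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def demo():
    """Probe a stub with the pre-fix (500) and post-fix (405) behaviour."""
    out = {}
    for label, status in (("before", 500), ("after", 405)):
        server = make_stub(status)
        try:
            out[label] = probe("127.0.0.1", server.server_address[1],
                               "/placeholder/endpoint")  # placeholder path
        finally:
            server.shutdown()
            server.server_close()
    return out

if __name__ == "__main__":
    for label, res in demo().items():
        print(label, res)
```

Run the probe against each port the Automation Engine listens on, since the article expects the methods to be blocked on all of them.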