CA APM Infrastructure Agent Release 10.7.0.45 (Build 990045) is installed in OpenShift.
A Nessus scan has reported a vulnerability in the CA APM application running in OpenShift.
Nessus Scan Report:
“A remote web application uses a framework that is affected by code execution and file overwrite vulnerabilities.
The remote web application appears to use Struts 2, a web framework that uses XWork.
Due to flaws in multiple Struts2 'Interceptor' classes (CookieInterceptor, ParametersInterceptor, and DebuggingInterceptor)
that fail to properly sanitize user-supplied input, a remote attacker can run arbitrary Java code or overwrite
files on the remote host by sending a specially crafted HTTP request.
Upgrade to Struts2 188.8.131.52 or later.
This was verified using the following HTTP request:
GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0)
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*
$ oc exec -n caapm caagent-nxnvf -- ss -tulpn | grep 32021
tcp LISTEN 0 128 :::32021 :::*
Per engineering, this is a known issue; an updated image containing the fix has been published to Docker Hub.
Release : 10.7.0
Component : APM Agents
Download the updated image from Docker Hub.
If the agent connects to a 10.7 Enterprise Manager (EM), the following additional environment variable must be set on the agent container in both the DaemonSet and the Deployment definitions of the YAML file:
- name: apmenv_introscope_agent_connection_compatibility_version
  value: "10.7"
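The check below is an added example, not CA/Broadcom code, for confirming that both workloads actually carry the compatibility variable after the image update. It reads the JSON printed by `oc get daemonset,deployment -n caapm -o json`, flags every container that lacks apmenv_introscope_agent_connection_compatibility_version=10.7, and can emit the JSON Patch that adds it. The embedded sample manifest is constructed for the example: the workload name `caagent`, the image reference and the placeholder variable `EXAMPLE_VAR` are assumptions, not values from the page.

```python
"""Verify that CA APM agent workloads carry the 10.7 EM compatibility variable.

Added example, not CA/Broadcom code. Input is the JSON that
`oc get daemonset,deployment -n caapm -o json` prints (a kind: List), or a
single workload object. Every container in the pod template must carry
apmenv_introscope_agent_connection_compatibility_version="10.7".
"""
import json
import sys

ENV_NAME = "apmenv_introscope_agent_connection_compatibility_version"
ENV_VALUE = "10.7"


def containers(workload):
    """Yield (container name, env list) for each container in the pod template."""
    spec = workload.get("spec", {}).get("template", {}).get("spec", {})
    for c in spec.get("containers", []):
        yield c.get("name", "?"), c.get("env", [])


def check_workload(workload):
    """Return [(kind/name, container)] for containers missing the variable or
    carrying a different value; an empty list means the workload is compliant."""
    kind = workload.get("kind", "?")
    name = workload.get("metadata", {}).get("name", "?")
    problems = []
    for cname, env in containers(workload):
        values = [e.get("value") for e in env if e.get("name") == ENV_NAME]
        if ENV_VALUE not in values:
            problems.append((f"{kind}/{name}", cname))
    return problems


def check_list(obj):
    """Accept either a single workload or a kind: List and check every item."""
    items = obj.get("items", [obj])
    problems = []
    for item in items:
        problems.extend(check_workload(item))
    return problems


def env_patch(container_index=0, has_env=True):
    """JSON Patch (RFC 6902) adding the variable to one container of the pod
    template. Append to an existing env list with "/env/-"; if the container
    has no env key at all, "/env/-" is rejected, so create the list instead."""
    path = f"/spec/template/spec/containers/{container_index}/env"
    entry = {"name": ENV_NAME, "value": ENV_VALUE}
    if has_env:
        return [{"op": "add", "path": path + "/-", "value": entry}]
    return [{"op": "add", "path": path, "value": [entry]}]


# Constructed sample: DaemonSet still lacks the variable, Deployment has it.
# Workload/container names, image and EXAMPLE_VAR are assumptions.
SAMPLE = {
    "kind": "List",
    "items": [
        {"kind": "DaemonSet", "metadata": {"name": "caagent"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "caagent", "image": "example.invalid/caapm-agent:fixed",
              "env": [{"name": "EXAMPLE_VAR", "value": "x"}]}]}}}},
        {"kind": "Deployment", "metadata": {"name": "caagent"},
         "spec": {"template": {"spec": {"containers": [
             {"name": "caagent", "image": "example.invalid/caapm-agent:fixed",
              "env": [{"name": ENV_NAME, "value": ENV_VALUE}]}]}}}},
    ],
}


def main():
    data = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE
    problems = check_list(data)
    for workload, cname in problems:
        print(f"{workload} container {cname}: {ENV_NAME} is not {ENV_VALUE!r}")
    sys.exit(1 if problems else 0)


if __name__ == "__main__":
    main()
```

Run it as `oc get daemonset,deployment -n caapm -o json | python3 check_apm_env.py`; a non-zero exit means at least one container still needs the variable. To fix a workload in place, pass the patch with `oc patch daemonset/<name> -n caapm --type=json -p "$(python3 -c 'import json, check_apm_env as c; print(json.dumps(c.env_patch()))')"`, using `has_env=False` for a container that has no env list yet.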