Primary Hub ASP.NET 2.0 web.config file information disclosure vulnerability

Article ID: 145217

Products

NIMSOFT PROBES DX Infrastructure Management

Issue/Introduction

I am using CA UIM 8.5.1 in my environment. A recent security scan has flagged the following vulnerability on the Primary Hub, service port 8080.

https://www.rapid7.com/db/vulnerabilities/spider-asp-dot-net-web-config-disclosure

I have checked the server and found that port 8080 is related to a UIM default web page.
I would like to know how to address this vulnerability.

Environment

Release: 8.51 / 9.x

Component: UIM - ADMIN_CONSOLE / service_host

Resolution

Further investigation found that the web service is hosted by the probe named “service_host”, and that the scanner finding refers to that probe's web.config and one of its settings.

On UIM 8.51 and later, the service_host probe is deprecated and not required. You can deactivate or delete this probe.

Additional Information


https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/ca-unified-infrastructure-management-probes/GA/alphabetical-probe-articles/service-host.html