Remediation Steps for CA PAM Proxy port 27077


Article ID: 145231


Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
PAM SAFENET LUNA HSM
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

A service-version scan of port 27077 on the CA PAM Proxy returns a Jetty 5.1.15 header.
The request is to have this header removed for audit purposes.

C:\NMAP\nmap-7.80>nmap -sV -Pn -p 27077 <CA PAM Proxy Hostname / IP Address>
Starting Nmap 7.80 ( https://nmap.org ) at 2019-11-29 15:02 India Standard Time
Nmap scan report for <CA PAM Proxy Hostname / IP Address>
Host is up (0.24s latency).


PORT STATE SERVICE VERSION    (This is the header)

27077/tcp open http Jetty 5.1.15 (Windows Server 2016/10.0 x86 java/1.8.0_201)

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 16.44 seconds
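For the audit record, the service row in the scan output above can be broken into the fields it discloses (product, version, OS and Java details). The following is an added example, not part of the original article or the product; the function names are hypothetical and the port 8443 row is a constructed sample showing a service that discloses no version.

```python
import re

# Sample input: the service row from the scan output in this article, plus one
# constructed row (port 8443) for a service that discloses no version string.
SAMPLE_SCAN = """\
PORT STATE SERVICE VERSION
27077/tcp open http Jetty 5.1.15 (Windows Server 2016/10.0 x86 java/1.8.0_201)
8443/tcp open https
"""

# nmap -sV table row: port/proto, state, service name, optional version text.
ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
# Version text: product, version number, optional parenthesised extra info.
VERSION = re.compile(
    r"^(?P<product>.+?)\s+(?P<version>\d[\w.\-]*)(?:\s+\((?P<extra>.*)\))?$"
)


def parse_scan(text):
    """Return one dict per open port found in nmap -sV normal output."""
    findings = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(3) != "open":
            continue  # header rows, closed/filtered ports, free text
        port, proto, _state, service, banner = m.groups()
        entry = {"port": int(port), "proto": proto, "service": service,
                 "product": None, "version": None, "extra": None}
        v = VERSION.match(banner.strip()) if banner else None
        if v:
            entry.update(v.groupdict())
        elif banner:
            entry["product"] = banner.strip()  # product name without a version
        entry["discloses_version"] = entry["version"] is not None
        findings.append(entry)
    return findings


def disclosed(findings):
    """Ports whose banner reveals a product version (audit evidence)."""
    return [f for f in findings if f["discloses_version"]]


if __name__ == "__main__":
    for f in disclosed(parse_scan(SAMPLE_SCAN)):
        print(f"{f['port']}/{f['proto']}: {f['product']} {f['version']} ({f['extra']})")
```

Because the parser keys on the row format rather than the port number, it reports the same fields if the proxy port is changed and the new port is scanned.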

Cause

The Jetty header values shown in the response to the nmap command are not a listed vulnerability. Even if the default port is modified and a scan is performed on the new port, the same results are displayed.

The display of the header values for Jetty is not a classified vulnerability and does not impact the way the product works.

Environment

Release : 3.1.1 and higher

Component : PRIVILEGED ACCESS MANAGEMENT

Resolution

According to the engineering team, this is the expected behavior. A product enhancement would need to be in place to make any change to this behavior, and this is not a classified vulnerability.

The only other possibility is to use the "Windows Remote" connector for the Windows Target device in place of deploying CA PAM Proxy.

Refer to the product documentation on 'Windows Remote' and 'CA PAM Proxy' to learn more and choose the best option.