VAIM Tomcat vulnerability - HTTP Security Header Not Detected
Article ID: 145548
Products
CA Virtual Assurance for IM
Issue/Introduction
VAIM Tomcat vulnerability - HTTP Security Header Not Detected
The X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP header is missing from responses on port 8443.
Environment
Release : 12.9
Component : VPM GENERAL
Resolution
1. Stop the CAAIP Tomcat Service.
2. Open the directory ~\CA\VirtualAssurance\tomcat\conf.
3. Back up the existing web.xml file.
4. Place the shared web.xml in ~\CA\VirtualAssurance\tomcat\conf.
5. Start the CAAIP Tomcat Service.
Additional Information
The attached web.xml file adds the following security headers (scanner output after the change):
[*] Header X-XSS-Protection is present! (Value: 1; mode=block)
[*] Header X-Frame-Options is present! (Value: SAMEORIGIN)
[*] Header X-Content-Type-Options is present! (Value: nosniff)
[*] Header Strict-Transport-Security is present! (Value: max-age=0)