VAIM Tomcat vulnerability - HTTP Security Header Not Detected


Article ID: 145548


Updated On:

Products

CA Virtual Assurance for IM

Issue/Introduction

VAIM Tomcat vulnerability - HTTP Security Header Not Detected

A vulnerability scan reports that responses from the Tomcat HTTPS listener on port 8443 carry neither an X-Frame-Options header nor a Content-Security-Policy header with a frame-ancestors directive, so the pages can be framed by any site (clickjacking).

Environment

Release : 12.9

Component : VPM GENERAL

Resolution

1. Stop the CAAIP Tomcat service.
2. Open the directory ~\CA\VirtualAssurance\tomcat\conf
3. Back up the existing web.xml file.
4. Copy the attached web.xml into ~\CA\VirtualAssurance\tomcat\conf, replacing the original.
5. Start the CAAIP Tomcat service.

Additional Information

The attached web.xml configures Tomcat to send the following security headers (output of the header check run against port 8443 after the change):

[*] Header X-XSS-Protection is present! (Value: 1; mode=block)
[*] Header X-Frame-Options is present! (Value: SAMEORIGIN)
[*] Header X-Content-Type-Options is present! (Value: nosniff)
[*] Header Strict-Transport-Security is present! (Value: max-age=0)

Two caveats about this header set. A Strict-Transport-Security value of max-age=0 tells browsers to discard any stored HSTS policy for the host, so it resolves the "header missing" finding but does not enforce HTTPS; to get real HSTS protection, raise max-age to a positive value (one year, 31536000 seconds, is the usual choice) once you have confirmed the host is only ever reached over TLS on 8443. X-XSS-Protection is a legacy header that current Chromium-based browsers and Firefox ignore; it is harmless to send but provides no protection on its own.

Attachments

1582227834801__web.xml