
VAIM Tomcat vulnerability - HTTP Security Header Not Detected


Article ID: 145548




CA Virtual Assurance for IM



The X-Frame-Options or Content-Security-Policy: frame-ancestors HTTP headers are missing on port 8443.


Release : 12.9

Component : VPM GENERAL


1. Stop the CAAIP Tomcat Service
2. Open the directory ~\CA\VirtualAssurance\tomcat\conf
3. Back up the existing web.xml file
4. Place the shared web.xml in ~\CA\VirtualAssurance\tomcat\conf
5. Start the CAAIP Tomcat Service

Additional Information

The attached web.xml file contains the following security headers:

[*] Header X-XSS-Protection is present! (Value: 1; mode=block)
[*] Header X-Frame-Options is present! (Value: SAMEORIGIN)
[*] Header X-Content-Type-Options is present! (Value: nosniff)
[*] Header Strict-Transport-Security is present! (Value: max-age=0)
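
To confirm the result after step 5, the response headers from port 8443 can be audited against the scanner finding. The script below is an added example, not part of the original article or the product; the sample response is constructed from the four header values listed above, and the function names are hypothetical.

```python
import re
from email.parser import Parser

# Constructed sample: response headers carrying the four values listed in this article.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=0
"""

def parse_headers(raw):
    """Parse a raw HTTP response head into a dict with lower-cased header names."""
    _status, _, rest = raw.partition("\n")
    msg = Parser().parsestr(rest, headersonly=True)
    return {k.lower(): v.strip() for k, v in msg.items()}

def audit(headers):
    """Return {check_name: (status, detail)} with status in PASS / WARN / FAIL."""
    results = {}
    xfo = headers.get("x-frame-options", "").upper()
    csp = headers.get("content-security-policy", "").lower()
    # The scanner finding clears when either anti-framing control is present.
    if xfo in ("DENY", "SAMEORIGIN"):
        results["anti-framing"] = ("PASS", "X-Frame-Options: " + xfo)
    elif re.search(r"(^|;)\s*frame-ancestors\s", csp):
        results["anti-framing"] = ("PASS", "CSP frame-ancestors")
    else:
        results["anti-framing"] = ("FAIL", "no X-Frame-Options or frame-ancestors")

    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    results["nosniff"] = ("PASS" if nosniff else "FAIL", "X-Content-Type-Options")

    hsts = headers.get("strict-transport-security")
    m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts or "", re.I)
    if not m:
        results["hsts"] = ("FAIL", "header missing or no max-age")
    elif int(m.group(1)) == 0:
        # RFC 6797: max-age=0 tells the browser to drop its HSTS entry for the host.
        results["hsts"] = ("WARN", "max-age=0 leaves HSTS inactive")
    else:
        results["hsts"] = ("PASS", "max-age=" + m.group(1))
    return results

if __name__ == "__main__":
    for name, (status, detail) in audit(parse_headers(SAMPLE_RESPONSE)).items():
        print(f"{status:4} {name}: {detail}")
```

With the values listed above, the anti-framing and nosniff checks pass, while Strict-Transport-Security is reported as WARN because max-age=0 does not keep an HSTS policy active in the browser.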


1582227834801__web.xml