AWA: HTTP TRACE Enabled on REST API (Security Vulnerability)

Article ID: 145908

Products

CA Automic Workload Automation - Automation Engine

Issue/Introduction

During a security audit, it may be noted that the AWI is vulnerable to Cross Site Tracing via the HTTP TRACE method (see: https://owasp.org/www-community/attacks/Cross_Site_Tracing).

Environment

Release: 12.2, 12.3

Component: AUTOMATION ENGINE

Cause

Security Vulnerability

Resolution

The REST API returns a 500 status code when a client sends an unsupported HTTP method to an existing endpoint.
An issue has been fixed where the REST API returned a 500 status code when a client sent an unsupported HTTP method to an existing endpoint. Now it returns the status code 405.

Fixed In:

Automation.Engine 12.2.5
Automation.Engine 12.3.2
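
To confirm after patching that an endpoint behaves as described above, the following check sends an unsupported method and classifies the response. It is an added example, not part of the original article or the product's code; the URL is supplied by the caller, and the `X-Probe` header, marker value and result labels are names made up for this example.

```python
import http.client
import sys
from urllib.parse import urlsplit


def classify(status, content_type="", body="", marker=""):
    """Map the response to an unsupported-method probe onto the states in the article."""
    echoed = bool(marker) and marker in body
    # A TRACE-enabled server answers 200 and reflects the request (usually as message/http).
    if status == 200 and ("message/http" in content_type.lower() or echoed):
        return "trace-enabled"
    if status == 405:
        return "fixed"        # behaviour after the fix: Method Not Allowed
    if status == 500:
        return "unfixed"      # behaviour before the fix: Internal Server Error
    return "inconclusive"     # e.g. 401/403/404: authenticate or pick an existing endpoint


def probe(url, method="TRACE", marker="xst-probe-constructed", timeout=10):
    """Send `method` to `url` and return (verdict, status, Allow header)."""
    parts = urlsplit(url)
    conn_cls = (http.client.HTTPSConnection if parts.scheme == "https"
                else http.client.HTTPConnection)
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        # The marker header lets us detect a reflected request in the body.
        conn.request(method, parts.path or "/", headers={"X-Probe": marker})
        resp = conn.getresponse()
        body = resp.read(65536).decode("latin-1")
        verdict = classify(resp.status, resp.getheader("Content-Type", ""), body, marker)
        return verdict, resp.status, resp.getheader("Allow")
    finally:
        conn.close()


if __name__ == "__main__":
    # Usage: python check_trace.py https://<your-ae-host>/<existing-rest-endpoint>
    if len(sys.argv) != 2:
        sys.exit("usage: check_trace.py URL")
    print(probe(sys.argv[1]))
```

Run it against an endpoint that exists on your own REST API host; a result of `fixed` matches the 405 behaviour of the releases listed under "Fixed In".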