We're running a CA Access Gateway (SPS) and after applying the
GhostCat patch, when the browser reaches / url, then the browser
receives 503 return code :
503 Service Unavailable
The server cannot handle the request (because it is overloaded or
down for maintenance). Generally, this is a temporary state.[
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
We get this issue each time you apply GhostCAt fix :
SS12449
cksum ./ghostcat/proxyrt.jar
502116040 134659 ./ghostcat/proxyrt.jar
SS12488
cksum ./ghostcat2/proxyrt.jar
647660834 134616 ./ghostcat2/proxyrt.jar
as per documentation here :
Fix CVE-2020-1938 Vulnerability in Apache Tomcat
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8-03/troubleshooting/ca-access-gateway-troubleshooting.html#concept.dita_3c58f8538a3792160c8b1c07691f625691ccb958_FixCVE-2020-1938VulnerabilityinApacheTomcat
How can we fix this ?
On the CA Access Gateway (SPS) machine, run the following commands
as root or Administrator :
On Linux :
Edit /etc/sysctl.conf and add:
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
On Windows :
1. Start > Run > Regedit
2. Navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\TCPIP6\Parameters
3. Create a new DWORD (32 bit) named DisabledComponents
4. Set the value to Hex: ff (To enable IPv6, enter Hex: 0)
Reboot the CA Access Gateway (SPS) machine.