search cancel

Problems with ghostcat fix


Article ID: 188645


Updated On:


CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On Agents (SiteMinder) CA Single Sign On Federation (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) SITEMINDER


We're running a CA Access Gateway (SPS) and after applying the

GhostCat patch, when the browser reaches / url, then the browser
receives 503 return code :

    503 Service Unavailable

      The server cannot handle the request (because it is overloaded or
      down for maintenance). Generally, this is a temporary state.[

We get this issue each time you apply GhostCAt fix :


    cksum ./ghostcat/proxyrt.jar
    502116040 134659 ./ghostcat/proxyrt.jar


    cksum ./ghostcat2/proxyrt.jar
    647660834 134616 ./ghostcat2/proxyrt.jar

as per documentation here :

    Fix CVE-2020-1938 Vulnerability in Apache Tomcat

How can we fix this ?


  CA Access Gateway (SPS) 12.8SP0 on RedHat 6;

  CA Access Gateway (SPS) 12.8SP0 on Windows 2016;


On the CA Access Gateway (SPS) machine, run the following commands

as root or Administrator :

On Linux : 

Edit /etc/sysctl.conf and add:

net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1

On Windows :

  1. Start > Run > Regedit
  2. Navigate to
  3. Create a new DWORD (32 bit) named DisabledComponents
  4. Set the value to Hex: ff (To enable IPv6, enter Hex: 0)

Reboot the CA Access Gateway (SPS) machine.