search cancel

SV- QID 11827 on DevTest 10.5 Linux server

book

Article ID: 189145

calendar_today

Updated On:

Products

CA Cloud Test Mobile CA Application Test

Issue/Introduction

 QID 11827 vulnerability patch for 10.5

 

 

Environment

Release : 10.5

Component : CA Service Virtualization

Resolution

We have a patch for this issue. 
Please reference : 
DE434446 when opening a ticket with support  

 

Steps to install Patches:
==========================

51112:
-------
Follow below instructions to apply the patch for 51112 port:
1. Go to <LISA_HOME>/IdentityAccessManager/standalone/configuration folder.
2. Take the back up of standalone.xml
3. Open standalone.xml of configuration folder.
4. Search for <subsystem xmlns="urn:jboss:domain:undertow:4.0"> block. It has a tag name <host>
5. In the <host > tag and below <http-invoker security-realm="ApplicationRealm"/>, add the below lines:
    <filter-ref name="X-Frame-Options"/>
    <filter-ref name="x-xss-protection"/>
    <filter-ref name="strict-transport-security"/>
    <filter-ref name="content-security-policy"/>
    <filter-ref name="x-Content-type-options"/>
6- Now add the below lines under <handlers></handlers> tag in the same <subsystem xmlns="urn:jboss:domain:undertow:4.0"> block
    <filters>
       <response-header name="X-Frame-Options" header-name="X-Frame-Options" header-value="SAMEORIGIN"/>
       <response-header name="x-xss-protection" header-name="X-XSS-Protection" header-value="1; mode=block"/>
       <response-header name="strict-transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/>
       <response-header name="content-security-policy" header-name="content-security-policy" header-value="default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline';         connect-src * 'unsafe-inline'; frame-src *;"/>
       <response-header name="x-Content-type-options" header-name="X-Content-Type-Options" header-value="nosniff"/>
    </filters>
7. Save and exit.
8. Restart IAM.

1506:
------
The fix is already available in 10.5. Ensure that you have "xssfilter-10.5.0.jar" in the <LISAHOME>/lib/dradis folder.


1505 and 2099:
-----------------
Follow below instructions to apply the patch for 1505 and 2099 ports:
1. Shutdown all the running components.
2. Go to <LISA_HOME>/lib/patches (if patches folder is not present, please create it).
3. copy and paste the patch(patch_DE434446_10.5.0_GA_2099_and_1505.jar) into patches folder.
4. Start all your components.
5. Run your security scan.