search cancel

SV- QID 11827 on DevTest 10.5 Linux server


Article ID: 189145


Updated On:


CA Cloud Test Mobile CA Application Test


 QID 11827 vulnerability patch for 10.5




Release : 10.5

Component : CA Service Virtualization


We have a patch for this issue. 
Please reference : 
DE434446 when opening a ticket with support  


Steps to install Patches:

Follow below instructions to apply the patch for 51112 port:
1. Go to <LISA_HOME>/IdentityAccessManager/standalone/configuration folder.
2. Take the back up of standalone.xml
3. Open standalone.xml of configuration folder.
4. Search for <subsystem xmlns="urn:jboss:domain:undertow:4.0"> block. It has a tag name <host>
5. In the <host > tag and below <http-invoker security-realm="ApplicationRealm"/>, add the below lines:
    <filter-ref name="X-Frame-Options"/>
    <filter-ref name="x-xss-protection"/>
    <filter-ref name="strict-transport-security"/>
    <filter-ref name="content-security-policy"/>
    <filter-ref name="x-Content-type-options"/>
6- Now add the below lines under <handlers></handlers> tag in the same <subsystem xmlns="urn:jboss:domain:undertow:4.0"> block
       <response-header name="X-Frame-Options" header-name="X-Frame-Options" header-value="SAMEORIGIN"/>
       <response-header name="x-xss-protection" header-name="X-XSS-Protection" header-value="1; mode=block"/>
       <response-header name="strict-transport-security" header-name="Strict-Transport-Security" header-value="max-age=31536000; includeSubDomains"/>
       <response-header name="content-security-policy" header-name="content-security-policy" header-value="default-src ; style-src 'unsafe-inline'; script-src * 'unsafe-inline' 'unsafe-eval'; img-src * data: 'unsafe-inline';         connect-src * 'unsafe-inline'; frame-src *;"/>
       <response-header name="x-Content-type-options" header-name="X-Content-Type-Options" header-value="nosniff"/>
7. Save and exit.
8. Restart IAM.

The fix is already available in 10.5. Ensure that you have "xssfilter-10.5.0.jar" in the <LISAHOME>/lib/dradis folder.

1505 and 2099:
Follow below instructions to apply the patch for 1505 and 2099 ports:
1. Shutdown all the running components.
2. Go to <LISA_HOME>/lib/patches (if patches folder is not present, please create it).
3. copy and paste the patch(patch_DE434446_10.5.0_GA_2099_and_1505.jar) into patches folder.
4. Start all your components.
5. Run your security scan.