CA iDash v12.1.00.00-0427 Tomcat Vulnerability
Article ID: 189274
Updated On:
Products
iDash Workload Automation
Issue/Introduction
There is a vulnerability associated with iDash (v12.1.00.00-0427 - bundled Tomcat8). What is the process for handling this vulnerability?
Title: (CVE-2019-17563) Apache Tomcat FORM Authentication Session Fixation Vulnerability
Technical Description:
When using FORM authentication with Apache Tomcat 9.0.0.M1 to 9.0.29, 8.5.0 to 8.5.49 and 7.0.0 to 7.0.98 there was a narrow window where an attacker could perform a session fixation attack. The window was considered too narrow for an exploit to be practical but, erring on the side of caution, this issue has been treated as a security vulnerability.
Technical Detail:
/djs-as1/apps/idash/tomcat8 [PID:] 14197
Environment
Release : 12.1
Component : CA WORKLOAD AUTOMATION AE IDASH
Resolution
There isn't a process for upgrading Tomcat outside of the release cadence. When a new versions of iDash is released, we will upgrade the
bundled Tomcat to the newest version, which will address vulnerabilities.
bundled Tomcat to the newest version, which will address vulnerabilities.
Feedback
Yes
No
Powered by
