Aquascan found HIGH vulnerability in netty-codec-http.jar

Article ID: 189911

Products

CA Application Performance Management Agent (APM / Wily / Introscope)

CA Application Performance Management (APM / Wily / Introscope)

INTROSCOPE

DX Application Performance Management

Issue/Introduction

We used the LATEST build which shows that the vulnerability still exists:


File: /opt/wily/releases/11.1/core/ext/lib/netty-codec-http.jar

Severity: high

Score: 7.5

Packages: io.netty:netty-all:4.1.42.Final,io.netty:netty-codec-htt:4.1.42.Final



Step 16/19 : RUN cat /opt/wily/releases/11.1/manifest.txt

---> Running in bb6c3ed48f3e

MuleESB v11.1.4.29:11.1.4.29

Automatic Attribute Decoration v11.1.4.29:11.1.4.29

MQ v11.1.4.29:11.1.4.29

Simpleframework v11.1.4.29:11.1.4.29

jsmpp v11.1.4.29:11.1.4.29

OkHttp v11.1.4.29:11.1.4.29

tibcobw v11.1.4.29:11.1.4.29

Elasticsearch v11.1.4.29:11.1.4.29

Couchbase v11.1.4.29:11.1.4.29

Spring v11.1.4.29:11.1.4.29

Spring Reactive Monitoring v11.1.4.29:11.1.4.29

Azure Backend Tracing v11.1.4.29:11.1.4.29

AWS Backend Tracing v11.1.4.29:11.1.4.29

Spring Boot v11.1.4.29:11.1.4.29

Spring RabbitMQ v11.1.4.29:11.1.4.29

Spring Mongo v11.1.4.29:11.1.4.29

Spring Async v11.1.4.29:11.1.4.29

Web Services Correlation v11.1.4.29:11.1.4.29

Servlets & JSPs v11.1.4.29:11.1.4.29

Override TurnOn: ServletFilterTracing with instrument.ServletFilterTracing=off

HTTP Backends v11.1.4.29:11.1.4.29

Web Services v11.1.4.29:11.1.4.29

Command Center v11.1.4.29:11.1.4.29

JNDI v11.1.4.29:11.1.4.29

Environment

Release: 20.0

Component: APM Agents

Cause

Engineering provided a fix.

Resolution

The agent has been updated with the fix in DX SaaS Agent 20.1.0.44.