SSL port 8443 vulnerability found on VNA server without SSL configured


Article ID: 195207


Updated On:


CA Virtual Network Assurance, CA Performance Management - Usage and Administration, DX NetOps, CA Spectrum


Getting Qualys vulnerability error 11827 on VNA port 8443 - CWE-693

Running a Qualys security scan exposed a vulnerability on VNA port 8443.

Custom response headers need to be added to this port if it is needed by VNA.

The VNA server has SSL security vulnerabilities found by security scans but isn't configured for SSL.


VNA does not use port 8443, but it is exposed by default by the web browser.


Performance Management releases r3.7.14 and earlier

DX NetOps release r20.2.1


The solution for this will be included in the PM r3.7.15 and NetOps r20.2.2 releases via defect DE462717. The solution is the removal of port 8443 from VNA.

To resolve the issue before those releases, complete the following steps to disable HTTPS on VNA.

  1. On the VNA host server, open the file (default path) /opt/CA/VNA/wildfly/standalone/configuration/standalone.xml
  2. Edit the file by commenting out the following line:
    • <https-listener name="https" socket-binding="https" security-realm="ApplicationRealm" enable-http2="true" enabled-protocols="TLSv1.2"/>
  3. After editing the file, restart the VNA wildfly service to make the change active.
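
Steps 1 and 2 as a repeatable script, added here as an example and not taken from the vendor article. The function names and the --apply argument are hypothetical, and the script assumes the https-listener element sits on a single line, as shown in step 2.

```shell
#!/bin/sh
# Added example: comment out the https-listener in VNA's standalone.xml.
# Default path is the one given in the article; pass another as argument 2.
CONF_DEFAULT=/opt/CA/VNA/wildfly/standalone/configuration/standalone.xml

# Returns 0 if an uncommented, single-line <https-listener .../> is present.
https_listener_active() {
    grep -Eq '^[[:space:]]*<https-listener [^>]*/>[[:space:]]*$' "$1"
}

# Wraps the listener line in an XML comment. Keeps a timestamped backup,
# leaves every other line untouched, and is safe to run more than once.
disable_https_listener() {
    conf=$1
    [ -f "$conf" ] || { echo "not found: $conf" >&2; return 2; }
    if ! https_listener_active "$conf"; then
        echo "no active https-listener in $conf; nothing to do"
        return 0
    fi
    backup="$conf.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$conf" "$backup" || return 1
    tmp="$conf.tmp.$$"
    sed -E 's|^([[:space:]]*)(<https-listener [^>]*/>)[[:space:]]*$|\1<!-- \2 -->|' \
        "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Write through the existing file so its owner and mode are preserved.
    cat "$tmp" > "$conf" && rm -f "$tmp"
    if https_listener_active "$conf"; then
        echo "edit did not take effect; restoring $backup" >&2
        cp -p "$backup" "$conf"
        return 1
    fi
    echo "https-listener commented out; backup saved as $backup"
}

# Only edits when explicitly asked: sh disable_https.sh --apply [path]
# Step 3 (restarting the VNA wildfly service) is still done by hand.
if [ "${1:-}" = "--apply" ]; then
    disable_https_listener "${2:-$CONF_DEFAULT}"
fi
```

After the restart in step 3, a rescan or a listening-socket check on the host should no longer show port 8443.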

Additional Information