Vulnerability found in CA Software Asset Manager (SAM) related to Browsable Web Directories


Article ID: 198787


Products

CA Service Management - Asset Portfolio Management CA Software Asset Manager (CA SAM)

Issue/Introduction

Title : "Browsable Web Directories" 

Threat: The GRCP review team observed that the remote web server is configured to allow directory listing. As a result, the web server's internal scripts can be revealed.

Impact: A remote attacker might be able to view the contents and scripts of directories on the web server, which might expose sensitive information about the web server.

Recommendation: It is recommended to disable directory listing by creating an empty index file in the relevant directory or by disabling directory listing from the Directory Browsing settings in the IIS Manager console.

Environment

Release : 4.3 

Component : CA SOFTWARE ASSET MANAGER

Resolution

Disable directory listing by following the steps documented above to address the vulnerability.
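To confirm the fix took effect, the response for each affected directory can be classified after the change. The following is an added example, not part of the original article or of CA SAM; the listing signature is an assumption based on the page layout IIS generates, and the host name, path and file names in the sample are constructed.

```python
import re
from html.parser import HTMLParser

# Assumed signature: an IIS-generated index repeats "<host> - <path>" in both
# <title> and <H1>, then lists the directory entries as links.
IIS_INDEX = re.compile(r"<title>([^<]+ - /[^<]*)</title>.*?<h1>\1</h1>", re.I | re.S)


class _Links(HTMLParser):
    """Collect href targets so the report shows what the listing exposed."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]


def check_directory(path, status, body):
    """Classify the response for one directory URL after remediation."""
    if status == 200 and IIS_INDEX.search(body):
        parser = _Links()
        parser.feed(body)
        # Keep entries below the requested path; drops the parent-directory link.
        entries = [h for h in parser.hrefs if h.startswith(path) and h != path]
        return {"state": "listing", "entries": entries}
    if status in (401, 403, 404):
        # Browsing disabled and no default document: the server refuses the request.
        return {"state": "blocked", "entries": []}
    # Covers the empty-index-file fix: the index is served instead of a listing.
    return {"state": "no-listing", "entries": []}


# Constructed sample of a browsable directory (hypothetical host and file names).
SAMPLE_LISTING = (
    "<html><head><title>sam.example.test - /scripts/</title></head><body>"
    "<H1>sam.example.test - /scripts/</H1><hr>\n<pre>"
    '<A HREF="/">[To Parent Directory]</A><br><br>'
    ' 1/15/2021  9:02 AM         2048 <A HREF="/scripts/config.inc">config.inc</A><br>'
    ' 1/15/2021  9:02 AM        &lt;dir&gt; <A HREF="/scripts/lib/">lib</A><br>'
    "</pre><hr></body></html>"
)

if __name__ == "__main__":
    for status, body in [(200, SAMPLE_LISTING), (200, ""), (403, "Forbidden")]:
        print(status, check_directory("/scripts/", status, body))
```

A result of `listing` for any directory means the setting is still enabled there; `blocked` and `no-listing` correspond to the two remediation options in the recommendation.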
