Cache Management Insecure Policy Vulnerability in spectrum
Article ID: 199023

Products

CA Spectrum CA eHealth

Issue/Introduction

A vulnerability scanner reported a "Cache Management: Insecure Policy" finding against Spectrum OneClick.

 

Environment

Release : 10.4

Component : Spectrum OneClick

Resolution

To address the Cache Management: Insecure Policy finding in OneClick, use the following procedure to set an explicit cache expiry policy on the responses Tomcat serves.

Edit $SPECROOT/tomcat/conf/web.xml

Locate the httpHeaderSecurity filter mapping, shown below:
 

    <!-- The mapping for the HTTP header security Filter -->
    <filter-mapping>
        <filter-name>httpHeaderSecurity</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
 

Now add the following filter definition and filter mapping:

    <filter>
        <filter-name>ExpiresFilter</filter-name>
        <filter-class>org.apache.catalina.filters.ExpiresFilter</filter-class>
        <init-param>
            <param-name>ExpiresDefault</param-name>
            <!-- 1 DAY -->
            <param-value>A86400</param-value>
        </init-param>
    </filter>

    <filter-mapping>
        <filter-name>ExpiresFilter</filter-name>
        <url-pattern>/*</url-pattern>
        <dispatcher>REQUEST</dispatcher>
    </filter-mapping>
 
After the modification, web.xml contains the httpHeaderSecurity mapping together with the ExpiresFilter definition and its mapping shown above.
 

Note: The ExpiresFilter value A86400 sets, in seconds, how long a cached copy of a resource remains valid (86400 seconds is one day).

Once that period has elapsed, a browser must refresh its copy of the resource by sending a new request to the server.

Save web.xml

Restart Spectrum Tomcat Service
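As an added verification example (not part of the Broadcom article and not Spectrum code), the script below models the Expires and Cache-Control headers that Tomcat's ExpiresFilter emits for an access-based value such as A86400 (the "A" prefix means the expiry is counted from the access time), and audits a raw HTTP response for the unspecified or inconsistent cache policy a scanner would flag. The sample responses are constructed, and only the A<seconds> form used in the procedure is modelled.

```python
# Added example, not from the Broadcom article: model the headers Tomcat's
# ExpiresFilter emits for an access-based ExpiresDefault such as "A86400", and
# audit a raw HTTP response for the cache policy gap a scanner reports.
import re
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime, parsedate_to_datetime


def expires_headers(expires_default, access_time):
    """Headers ExpiresFilter adds for 'A<seconds>' (access time plus seconds).
    Only the 'A' form used in the procedure is modelled here (assumption)."""
    m = re.fullmatch(r"A(\d+)", expires_default)
    if not m:
        raise ValueError("only access-based A<seconds> values are modelled")
    ttl = int(m.group(1))
    return {
        "Expires": format_datetime(access_time + timedelta(seconds=ttl), usegmt=True),
        "Cache-Control": f"max-age={ttl}",
    }


def audit_cache_policy(raw_response):
    """Return findings about the cache policy of a raw HTTP/1.1 response;
    an empty list means the policy is explicit and internally consistent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    findings = []
    cc, exp, date = (headers.get(k) for k in ("cache-control", "expires", "date"))
    if cc is None and exp is None:
        findings.append("no Cache-Control or Expires header: caching policy unspecified")
        return findings
    age = re.search(r"max-age=(\d+)", cc or "")
    if exp and age and date:                     # both present: they must agree
        delta = parsedate_to_datetime(exp) - parsedate_to_datetime(date)
        if delta.total_seconds() != int(age.group(1)):
            findings.append("Expires and Cache-Control max-age disagree")
    return findings


# Constructed sample responses: before and after adding ExpiresFilter.
BEFORE = "HTTP/1.1 200 OK\r\nDate: Tue, 01 Apr 2025 12:00:00 GMT\r\nContent-Type: text/html\r\n\r\n<html>"
ACCESS = datetime(2025, 4, 1, 12, 0, 0, tzinfo=timezone.utc)
_added = expires_headers("A86400", ACCESS)
AFTER = ("HTTP/1.1 200 OK\r\nDate: Tue, 01 Apr 2025 12:00:00 GMT\r\n"
         f"Expires: {_added['Expires']}\r\nCache-Control: {_added['Cache-Control']}\r\n"
         "Content-Type: text/html\r\n\r\n<html>")

if __name__ == "__main__":
    print("before:", audit_cache_policy(BEFORE))   # one finding
    print("after:", audit_cache_policy(AFTER))     # []
```

To check the live service after the restart, feed the output of a request to the OneClick URL (for example from curl with the -i option) into audit_cache_policy.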

Additional Information

When upgrading Spectrum in the future, it is likely that the changes to the web.xml file will be lost. You will need to add these changes back after the upgrade is complete.
