We're running a CA Access Gateway (SPS) and we've discovered
vulnerabilities. We'd like to know how to upgrade the embedded Apache
server to version equal or higher of 2.4.42 ?
We run at the moment :
CA Access Gateway (SPS) 12.52SP1CR01
At first glance, SPS 12.52SP1CR01 is out of support as per EOL-EOS notice :
CA Single Sign-On r12.52 End of Service Announcement
https://techdocs.broadcom.com/us/product-content/status/announcement-documents/2017/ca-single-sign-on-r12-52-end-of-service-announcement.html?r=2
More, in order to get CA Access Gateway (SPS) you need to upgrade the
version to 12.8SP4 which runs Apache 2.4.43 as per our Release Notes :
Defects Fixed in 12.8.04
20068805, 31819372, 20243712, 31789696, 31790096, 31799363, 31821485
DE432477, DE444233, DE451026, DE451486 Apache is upgraded to Apache
2.4.43, OpenSSL is upgraded to OpenSSL 1.0.2u, and Tomcat is upgraded
to 7.0.104.
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-identity-and-access-management/single-sign-on/12-8/release-notes/service-packs/Defects-Fixed-in-12_8_04.html#concept.dita_94165a57-6b0d-4105-91d3-53d482bf212b_smsps
Finally, CA Access Gateway (SPS) 12.8SP4 is supported on RedHat 7 as
per our Support Matrix :
Symantec SiteMinder (previously CA Single Sign-On) 12.8
2.1 Operating System for Policy Server, SDK & Access Gateway
The following table lists SiteMinder server components and Access
Gateway support for Operating Systems
| SiteMinder | Red Hat |
| Component | |
|----------------+---------|
| Access Gateway | 7 |
| 64 bit | 6 |
p.2
https://ftpdocs.broadcom.com/phpdocs/7/5262/5262-12-8-platform-support-matrix.pdf
Note that :
- SPS 12.8SP4 is compatible with other Web Agent version;
- SPS 12.8SP4 is not compatible with the Policy Server 12.8SP2, as
stated by our Support Matrix :
4.1 Policy Server and Agents Compatibility
All other usage patterns (e.g. reverse proxy, federation, Rest
interface, session linking) are supported with the 12.8 Policy
Server in combination with earlier versions of the Access Gateway.
https://ftpdocs.broadcom.com/cadocs/0/contentimages/Symantec%20SiteMinder_12_8_Platform%20Support%20Matrix_24August2020.pdf
We strongly suggest you to run SPS version being the same as Policy
Server in order to have the new or changed functionality aligned
with SPS as this following among the others :
OIDC endpoint URLs
https://knowledge.broadcom.com/external/article?articleId=193287