
Web Server Apache vulnerability


Article ID: 199990


Updated On:


Products: CA Single Sign On Secure Proxy Server (SiteMinder), CA Single Sign On Agents (SiteMinder), CA Single Sign On Federation (SiteMinder), CA Single Sign On SOA Security Manager (SiteMinder), SITEMINDER



We're running a CA Access Gateway (SPS) and we'd like to know how to
protect it from the following vulnerabilities:


     A specially crafted value for the 'Cache-Digest' header in an HTTP/2 request

     Apache HTTP server 2.4.32 to 2.4.44 mod_proxy_uwsgi info disclosure and possible RCE

     When trace/debug was enabled for the HTTP/2 module and on certain traffic edge patterns

We noted that SPS runs Apache 2.4.43:

  Defects Fixed in 12.8.04

    20068805, 31819372, 20243712, 31789696, 31790096, 31799363, 31821485
    DE432477, DE444233, DE451026, DE451486 Apache is upgraded to Apache
    2.4.43, OpenSSL is upgraded to OpenSSL 1.0.2u, and Tomcat is
    upgraded to 7.0.104.

How can we fix this?




At first glance, these vulnerabilities only apply when Apache loads
mod_http2 or mod_proxy_uwsgi. Out of the box, CA Access Gateway (SPS)
12.8 does not load either of these modules, as documented in:

   Review Embedded Servers for Vulnerabilities

As such, CA Access Gateway (SPS) 12.8 SP4 is not vulnerable to the
three vulnerabilities mentioned.
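The statement above only holds while the embedded Apache keeps its default module set, so a practitioner will want to confirm that on the actual host. The following shell snippet is an added example, not code from the KB article or from Broadcom; it scans an Apache configuration file for uncommented LoadModule lines naming http2_module or proxy_uwsgi_module, and optionally asks a running httpd binary for its loaded module list. The sample configuration is constructed inline for demonstration, the configuration path on a real SPS installation is an assumption to be replaced, and the helper function names are this example's own.

```shell
#!/bin/sh
# Added example: verify that an Apache configuration does not load the
# modules the three advisories apply to (mod_http2, mod_proxy_uwsgi).

# Return, as a space-separated list, the risky modules that are actively
# loaded in the given httpd.conf (only non-commented LoadModule lines count).
loaded_risky_modules() {
    conf="$1"
    out=""
    for mod in http2_module proxy_uwsgi_module; do
        if grep -Eq "^[[:space:]]*LoadModule[[:space:]]+${mod}([[:space:]]|\$)" "$conf"; then
            out="${out:+$out }$mod"
        fi
    done
    printf '%s' "$out"
}

# Ask a running Apache binary for its loaded modules (static and shared).
# Skipped when the binary is not on PATH, so the script still runs offline.
live_risky_modules() {
    bin="${1:-httpd}"
    command -v "$bin" >/dev/null 2>&1 || { echo "$bin not found; skipping live check"; return 0; }
    "$bin" -M 2>/dev/null | grep -E 'http2_module|proxy_uwsgi_module' || echo "none loaded (live)"
}

# Constructed sample configuration: both risky modules are commented out,
# which mirrors the default SPS state described in the article.
SAMPLE_CONF=$(mktemp)
cat > "$SAMPLE_CONF" <<'EOF'
LoadModule ssl_module modules/mod_ssl.so
#LoadModule http2_module modules/mod_http2.so
LoadModule proxy_module modules/mod_proxy.so
#LoadModule proxy_uwsgi_module modules/mod_proxy_uwsgi.so
EOF

found=$(loaded_risky_modules "$SAMPLE_CONF")
if [ -z "$found" ]; then
    echo "OK: neither http2_module nor proxy_uwsgi_module is loaded in $SAMPLE_CONF"
else
    echo "WARNING: affected modules loaded: $found"
fi
rm -f "$SAMPLE_CONF"

# On a real host, point the check at the SPS Apache configuration instead
# (placeholder path, adjust to the installation):
#   loaded_risky_modules /path/to/sps/httpd/conf/httpd.conf
#   live_risky_modules /path/to/sps/httpd/bin/httpd
```

If either check reports http2_module or proxy_uwsgi_module, the configuration has been customised beyond the documented default and the "not vulnerable" conclusion no longer applies to that host; the module should be disabled again or the Apache build updated.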