API Gateway c3p0 vulnerability
search cancel

API Gateway c3p0 vulnerability

book

Article ID: 201909

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Is the layer7 gateway vulnerable to CVE-2018-20433, c3p0 0.9.5.2 allows XXE in extractXmlConfigFromInputStream in com/mchange/v2/c3p0/cfg/C3P0ConfigXmlUtils.java during initialization.

Environment

All supported versions of the CA API Gateway

Resolution

The Gateway is not affected by this vulnerability as it does not use the XML configuration for c3p0.

Powered by Wolken Software