
Testing identified vulnerabilities in 12.1 Web Viewer


Article ID: 215954


Updated On:

Products

Output Management Web Viewer

Issue/Introduction

Each year our security/audit team tests various vendor products to see if they can find any issues, vulnerabilities, or things of concern. Recently, they tested the CA OM Web Viewer and flagged items for review.
Insecure Configuration Management: Hidden Directories Found. 
The application has exposed the presence of a directory in the site. Although the directory does not list its content, the information may help an attacker to develop further attacks against the site.
https://<server name>."domain".com:20110/manager

Environment

Release : 12.1

Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS

Resolution

Upon review, the reported vulnerabilities are not in the Web Viewer application itself but in the Apache Tomcat Manager. If the finding is a concern, the Tomcat Manager, or specific directories within it, may be deleted. Web Viewer does not require the Tomcat Manager.
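
One way to locate and remove the Manager application described above, as an added example rather than a vendor-supplied procedure. It assumes a stock Apache Tomcat directory layout under a CATALINA_BASE path that you supply; the function names are hypothetical, and it also covers host-manager, which ships alongside manager in stock Tomcat.

```shell
#!/bin/sh
# Added example: audit a Tomcat instance for the Manager application and move
# it out of the deployment path. The CATALINA_BASE location of a given
# Web Viewer installation is an assumption; pass the real path as an argument.

# Print every artifact that would deploy a management app, one per line.
find_mgmt_apps() {
    base=$1
    for app in manager host-manager; do
        # Exploded directory or WAR in the auto-deploy directory
        for p in "$base/webapps/$app" "$base/webapps/$app.war"; do
            if [ -e "$p" ]; then printf '%s\n' "$p"; fi
        done
        # Context descriptors (conf/<Engine>/<Host>/<app>.xml) can deploy the
        # app from another docBase even after webapps/<app> has been removed
        for p in "$base"/conf/*/*/"$app.xml"; do
            if [ -f "$p" ]; then printf '%s\n' "$p"; fi
        done
    done
}

# Move each artifact to a backup directory outside webapps/ and conf/,
# keeping its path relative to CATALINA_BASE so it can be restored later.
quarantine_mgmt_apps() {
    base=$1
    backup=$2
    find_mgmt_apps "$base" | while IFS= read -r p; do
        rel=${p#"$base"/}
        mkdir -p "$backup/$(dirname "$rel")"
        mv "$p" "$backup/$rel"
        printf 'moved %s\n' "$rel"
    done
}

# Direct use: audit.sh /path/to/tomcat            (report only)
#             audit.sh /path/to/tomcat /backup    (report, then quarantine)
if [ -n "${1:-}" ]; then
    find_mgmt_apps "$1"
    if [ -n "${2:-}" ]; then quarantine_mgmt_apps "$1" "$2"; fi
fi
```

After the move, a request to the `/manager` path from the finding should return 404, which is the result to confirm with the audit team.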