new vulnerabilities Agent

Article ID: 221810

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

A security scan has revealed the following vulnerabilities in the agent (agent build 10.7.0.279):

Apache Commons Compress Vulnerable to Denial-of-Service (DoS) via Read of TAR Archive
CVE-2021-35517

Apache Commons Compress contains a flaw when reading a specially crafted ZIP file. An attacker could exploit this vulnerability to cause a denial-of-service (DoS).
CVE-2021-36090

Apache Commons Compress contains a flaw when reading a specially crafted 7z file. An attacker could exploit this vulnerability to cause a denial-of-service (DoS).
CVE-2021-35516

Apache Commons Compress contains a flaw when reading a specially crafted 7z file. An attacker could exploit this vulnerability to cause a denial-of-service (DoS).
CVE-2021-35515

Environment

Release : 10.7.0

Component : Integration with APM

Resolution

These vulnerabilities are fixed in updates to the Apache Commons Compress library.

However, the library cannot be upgraded without breaking Java 6 support in the agent.

As a mitigating factor, exploiting these vulnerabilities requires direct access to the machine.