Vulnerability CVE-2021-44224 in CA Access Gateway (SPS)

Article ID: 231232

Products

CA Single Sign On Secure Proxy Server (SiteMinder) SITEMINDER

Issue/Introduction

 

When running CA Access Gateway (SPS), the embedded Apache Web Server is
vulnerable to CVE-2021-44224 (1).

 

Environment

 

CA Access Gateway (SPS) 12.8SP5
CA Access Gateway (SPS) 12.8SP6

 

Resolution

 

Upgrade CA Access Gateway (SPS) to 12.8SP7 once it becomes available.

 

Additional Information

 

(1)

    CVE-2021-44224

      A crafted URI sent to httpd configured as a forward proxy
      (ProxyRequests on) can cause a crash (NULL pointer dereference) or,
      for configurations mixing forward and reverse proxy declarations, can
      allow for requests to be directed to a declared Unix Domain Socket
      endpoint (Server Side Request Forgery). This issue affects Apache HTTP
      Server 2.4.7 up to 2.4.51 (included).

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44224
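
The conditions named in the CVE text above (version range, ProxyRequests on, a declared Unix Domain Socket endpoint) can be checked against an httpd configuration. The following is an added example, not code from Broadcom or the Apache project; the function names, the sample configuration and the version banner are constructed, and the check does not follow Include files or distinguish VirtualHost scopes.

```python
import re

# Affected range as given in the CVE text: 2.4.7 up to 2.4.51 (included).
AFFECTED = ((2, 4, 7), (2, 4, 51))
UDS_DIRECTIVES = {"proxypass", "proxypassmatch", "sethandler", "rewriterule"}

def version_affected(banner):
    """Parse e.g. 'Server version: Apache/2.4.51 (Unix)'; None if unparseable."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    return AFFECTED[0] <= tuple(map(int, m.groups())) <= AFFECTED[1]

def directives(conf_text):
    """Yield directive lines: comments dropped, backslash continuations joined."""
    pending = ""
    for raw in conf_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1] + " "
            continue
        pending = ""
        if line and not line.startswith("#"):
            yield line

def audit(conf_text, banner):
    """Map the configuration onto the two outcomes the CVE text describes."""
    forward, uds = False, []
    for line in directives(conf_text):
        parts = line.split()
        name = parts[0].lower()
        if name == "proxyrequests" and len(parts) > 1 and parts[1].lower() == "on":
            forward = True            # any scope enabling it is flagged
        elif name in UDS_DIRECTIVES and "unix:" in line.lower():
            uds.append(line)          # declared Unix Domain Socket endpoint
    in_range = version_affected(banner)
    exposed = forward and in_range is not False   # unknown version: stay cautious
    return {"version_in_range": in_range, "forward_proxy": forward,
            "uds_endpoints": uds, "crash_risk": exposed,
            "ssrf_risk": exposed and bool(uds)}

# Constructed sample input, not taken from a real CA Access Gateway install.
SAMPLE_CONF = '''
# ProxyRequests Off
ProxyRequests On
ProxyPass "/app" \\
    "unix:/var/run/app.sock|http://localhost/"
'''
SAMPLE_BANNER = "Server version: Apache/2.4.51 (Unix)"

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_BANNER))
```

A result with forward_proxy false means neither outcome described in the CVE text applies to the scanned file, whatever the version.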