
Vulnerabilities with Apache 2.4.52 and older on Siteminder Access Gateway 12.8.x


Article ID: 237408


Updated On:

Products

SITEMINDER

Issue/Introduction

The following vulnerabilities and remediations were published by apache.org on 03/14/2022.

CVE-2022-22719
SEVERITY: moderate
DESCRIPTION: 'mod_lua' Use of uninitialized value in r:parsebody
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

CVE-2022-22720
SEVERITY: important
DESCRIPTION: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

CVE-2022-22721
SEVERITY: low
DESCRIPTION: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

CVE-2022-23943
SEVERITY: important
DESCRIPTION:  'mod_sed' Read/write beyond bounds 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

Environment

Release : 12.8.x

Component : Siteminder Access Gateway Server

Operating System: Linux

Resolution

 

All published vulnerabilities impacting Apache 2.4.52 or older can be remediated with Apache 2.4.53.  This release is a cumulative fix for all published vulnerabilities impacting Apache 2.4.52 and older releases on the 2.4.x platform.  

httpd_2453_win64_12806.zip: r12.8.6 and higher on Windows

httpd_2453_win64_12805.zip: r12.8.5 and older on Windows

httpd_2453_linux64bit_1647888649912.zip:  r12.8.x (any version) on Linux

 

Upgrade Apache for Access Gateway on Windows

Download and apply Apache 2.4.53 for Access Gateway on Windows:

1) Download "httpd_2453_win64_1280x.zip"

2) Copy "httpd_2453_win64_1280x.zip" to the Access Gateway Server

3) Decompress "httpd_2453_win64_1280x.zip"

4) Stop the running Access Gateway instance.

5) Navigate to Access Gateway installation directory 

DEFAULT: "C:\program files\CA\secure-proxy"

6)  Back up the existing "httpd" directory by renaming it to "httpd_orig".

DEFAULT: "C:\program files\CA\secure-proxy\httpd\"

7)  Copy the "httpd" folder from "httpd_2453_win64_12806.zip" to "C:\program files\CA\secure-proxy\"

8)  Restore the "\conf" directory from "httpd_orig" to the new "C:\program files\CA\secure-proxy\httpd\"

C:\program files\CA\secure-proxy\httpd_orig\conf

9) Start the Access Gateway instance again.

 

Upgrade Apache for Access Gateway on Linux

1)    Stop the running Access Gateway.

2)    Navigate to the Access Gateway installation directory /opt/CA/secure-proxy/

3)    Back up the original folder /httpd to /httpd_orig

4)    Unzip the attachment file and change the permissions appropriately (755) for all files, then copy the <patch>/Release/ folder to /opt/CA/secure-proxy/httpd/

cp -r /<patchdir>/<Release>/* /opt/CA/secure-proxy/httpd/

5)    Copy the files below from the original /httpd_orig to /httpd

cp -r httpd_orig/conf  httpd/
cp httpd_orig/bin/apachectl httpd/bin/
cp httpd_orig/bin/apr-1-config  httpd/bin/
cp httpd_orig/bin/apu-1-config httpd/bin/
cp httpd_orig/bin/apxs httpd/bin/
cp httpd_orig/bin/envvars httpd/bin/
cp httpd_orig/bin/envvars-std  httpd/bin/

6)    Start the Access Gateway.
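
Steps 3 to 5 of the Linux procedure as a script with safety checks, plus a check that the site's configuration survived and that the new binary reports the expected version. This is an added example, not code from the article or the vendor. The function names are hypothetical, the backup is assumed to be a copy of httpd/, and `httpd -v` is assumed to run under the current environment.

```shell
#!/bin/sh
# Added example (not vendor code): steps 3-5 of the Linux procedure, with checks.
# Stop the Access Gateway before upgrade_httpd and start it again afterwards.

# Files the article restores from httpd_orig/bin into httpd/bin.
BIN_FILES="apachectl apr-1-config apu-1-config apxs envvars envvars-std"

# upgrade_httpd INSTALL_DIR RELEASE_DIR   (function name is hypothetical)
#   INSTALL_DIR  e.g. /opt/CA/secure-proxy
#   RELEASE_DIR  the unzipped <patchdir>/<Release> folder
upgrade_httpd() {
    install=$1 release=$2
    [ -d "$install/httpd" ] || { echo "no httpd under $install" >&2; return 1; }
    [ -d "$release" ] || { echo "release dir not found: $release" >&2; return 1; }
    # Refuse to overwrite an earlier backup: it may be the only rollback copy.
    [ ! -e "$install/httpd_orig" ] || { echo "httpd_orig exists" >&2; return 1; }

    # Step 3. Assumption: the backup is a copy, so httpd/ stays in place.
    cp -a "$install/httpd" "$install/httpd_orig" || return 1
    # Step 4: set 755 on the patch files, then overlay them onto httpd/.
    chmod -R 755 "$release" || return 1
    cp -r "$release"/* "$install/httpd/" || return 1
    # Step 5: put the site's conf/ and bin scripts back over the patch defaults.
    cp -r "$install/httpd_orig/conf" "$install/httpd/" || return 1
    for f in $BIN_FILES; do
        cp "$install/httpd_orig/bin/$f" "$install/httpd/bin/" || return 1
    done
}

# verify_restore INSTALL_DIR: every backed-up conf file and bin script must be
# byte-identical in the upgraded tree; returns non-zero otherwise.
verify_restore() {
    install=$1
    (cd "$install/httpd_orig" && find conf -type f) | while read -r f; do
        cmp -s "$install/httpd_orig/$f" "$install/httpd/$f" || exit 1
    done || return 1
    for f in $BIN_FILES; do
        cmp -s "$install/httpd_orig/bin/$f" "$install/httpd/bin/$f" || return 1
    done
}

# httpd_version INSTALL_DIR: version reported by the new binary via "httpd -v".
# Assumption: the binary runs with the current environment's library path.
httpd_version() {
    "$1/httpd/bin/httpd" -v |
        sed -n 's|^Server version: Apache/\([0-9.]*\).*|\1|p'
}
```

Before starting the Access Gateway in step 6, confirm that `verify_restore` succeeds and that `httpd_version` prints 2.4.53.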

Additional Information

Upgrade Instructions

 

Attachments

httpd_2453_win64_12806_1647982269257.zip
httpd_2453_win64_12805_1647982253272.zip
httpd_2453_linux64bit_1647888649912.zip