ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Vulnerabilities with Apache 2.4.52 and older on Siteminder Access Gateway 12.8.x


Article ID: 237408


Updated On:




The following vulnerabilities and remediation's were published by on 03/14/2022.

SEVERITY: moderate: 
DESCRIPTION: 'mod_lua' Use of uninitialized value of in r:parsebody 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

SEVERITY: important
DESCRIPTION: HTTP request smuggling vulnerability in Apache HTTP Server 2.4.52 and earlier 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

DESCRIPTION: core: Possible buffer overflow with very large or unlimited LimitXMLRequestBody 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53

SEVERITY: important
DESCRIPTION:  'mod_sed' Read/write beyond bounds 
AFFECTS: 2.4.52 and older
REMEDIATION: Apache 2.4.53


Release : 12.8.x

Component : Siteminder Access Gateway Server

Operating System: Linux



All published vulnerabilities impacting Apache 2.4.52 or older can be remediated with Apache 2.4.53.  This release is a cumulative fix for all published vulnerabilities impacting Apache 2.4.52 and older releases on the 2.4.x platform. r12.8.6 and higher on Windows r12.8.5 and older on Windows  r12.8.x (any version) on Linux


Upgrade Apache for Access Gateway on Windows

Download and apply Apache 2.4.53 for Access Gateway on Windows:

1) Download ""

2) Copy "" to the Access Gateway Server

3) Decompress ""

4) Stop the running Access gateway instance.

5) Navigate to Access Gateway installation directory 

DEFAULT: "C:\program files\CA\secure-proxy

6)  Back-up of the existing "httpd" directory by renaming it "httpd_orig".

DEFAULT: "C:\program files\CA\secure-proxy\httpd\"

7)  Copy the "httpd" folder from "" to "C:\program files\CA\secure-proxy\"

8)  Restore the "\conf" directory from "httpd_orig" to the new "C:\program files\CA\secure-proxy\httpd\"

C:\program files\CA\secure-proxy\httpd_orig\conf

9) Start the Access Gateway instance again.


Upgrade Apache for Access Gateway on Linux

1)    Stop the running Access gateway.

2)    Navigate to the Access Gateway installation directory /opt/CA/secure-proxy/

3)    take the back up of original folder /httpd to /httpd_orig

4)    Unzip the attachment file and change the permissions appropriately (755) for all files, then copy the <patch>/Release/ folder to /opt/CA/secure-proxy/httpd/

cp -r /<patchdir>/<Release>/* /opt/CA/secure-proxy/httpd/

5)    copy below files from original  /httpd_orig  to  /httpd

cp -r httpd_orig/conf  httpd/
cp httpd_orig/bin/apachectl httpd/bin/
cp httpd_orig/bin/apr-1-config  httpd/bin/
cp httpd_orig/bin/apu-1-config httpd/bin/
cp httpd_orig/bin/apxs httpd/bin/
cp httpd_orig/bin/envvars httpd/bin/
cp httpd_orig/bin/envvars-std  httpd/bin/

6)    Start the Access Gateway.

Additional Information

Upgrade Instructions


Attachments get_app get_app get_app