ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Security problem with HTTP TRACE Requests
Article ID: 239500
Updated On:
Products
CA API Gateway
Issue/Introduction
We have a security problem with the Layer7 API Gateway 10.1 CR01
There was a pentest and hereby we found a problem with the implementation of the TRACE method in Layer7 API Gateway.
The return of 405 is ok, but the mirroring of the input headers (e.g. the authorization-header) is a security issue.
Environment
Release : 10.1
Component : API GATEWAY
Resolution
This will be fixed in CR2 as it was caused by a upgrade of tomcat library files
Feedback
Yes
No
Powered by
