search cancel

Vulnerability with Apache 2.4.53 and older for SiteMinder Agent-for-SharePoint


Article ID: 244298


Updated On:


CA Single Sign On Agents (SiteMinder)


Vulnerabilities found in Apache 2.4.53 and their remediation in Apache 2.4.54 as highlighted in

CVE-2022-26377   mod_proxy_ajp: Possible request smuggling (moderate severity)
CVE-2022-28330   read beyond bounds in mod_isapi (low severity)
CVE-2022-28614   read beyond bounds via ap_rwrite() (low severity)
CVE-2022-28615   Read beyond bounds in ap_strcmp_match() (low severity)
CVE-2022-29404   Denial of service in mod_lua r:parsebody (low severity)
CVE-2022-30522   mod_sed denial of service (low severity)
CVE-2022-30556   Information Disclosure in mod_lua with websockets (low severity)
CVE-2022-31813   mod_proxy X-Forwarded-For dropped by hop-by-hop mechanism (low severity)


Release : 12.8.x


Operating System: Windows


Apache release 2.4.54 is a cumulative fix for all published vulnerabilities impacting Apache 2.4.53 and prior.

This patch is for SiteMinder Agent for SharePoint, not standard Access Gateway (SPS).

Steps as follow:

1) Go to Services console and stop the running Agent for SharePoint
- Stop "SiteMinder Agent for SharePoint"
- Stop "SiteMinder Agent for SharePoint Proxy Engine"

2) Navigate to the Agent installation folder (for example C:\CA\Agent-for-SharePoint\)

3) Backup the original folder "httpd" and rename it as "httpd_orig"

4) Unzip

5) Copy extracted httpd folder to C:\CA\Agent-for-SharePoint\
- This will overwrite existing "httpd" folder
- As there is no "conf" folder in, there will not be overwritting of configuration folder to the existing "httpd" folder
- A window will prompt to Replace or Skip Files -- choose "Replace the files in the destination"

6) Navigate to SSL/bin folder (for example C:\CA\Agent-for-SharePoint\SSL\bin)

7) Backup the original files in C:\CA\Agent-for-SharePoint\SSL\bin

8) Unzip

9) Copy extracted files (libeay32.dll, openssl.exe, ssleay32.dll) to C:\CA\Agent-for-SharePoint\SSL\bin
- This will overwrite existing files

10) Go to Services console and start the Agent for SharePoint
- Start "SiteMinder Agent for SharePoint"
- Start ""SiteMinder Agent for SharePoint Proxy Engine"
- Check that the Apache version has changed to 2.4.54

11) Test whether Agent is working by accessing the SharePoint website

Additional Information

It is highly advisable to test in lower environment first

Attachments get_app get_app