Vulnerability for /docs and /examples on CA Access Gateway (SPS)


Article ID: 246515


Updated On:


SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)



When running CA Access Gateway (SPS), a vulnerability has been reported for the /docs and /examples resources (1).




Out of the box, CA Access Gateway (SPS) runs an embedded Tomcat, and this embedded Tomcat doesn't have this issue.

Out of the box, CA Access Gateway (SPS) doesn't listen on port 8888. Even when trying to reach the undesirable resources on Tomcat on port 8080, the Tomcat server already reports that those resources don't exist (404).

In the CA Access Gateway (SPS) Tomcat configuration, there's no application called "docs" or "examples":

  drwxrwxr-x  6 nobody root      109 2021-01-28  affwebservices
  drwxrwxr-x  4 nobody root       37 2021-01-19  CA_AuthAZ
  drwxrwxr-x  7 nobody root       98 2021-01-19  castylesr5.1.3
  -rwxrwxr-x  1 nobody root   383150 03-06 22:08 castylesr5.1.3.war
  drwxrwxr-x  7 nobody root       74 2021-01-19  chs
  drwxrwxr-x 18 nobody root     4096 06-14 11:44 proxyui
  drwxrwxr-x  3 nobody root      223 2021-01-19  ROOT
  drwxrwxr-x  5 nobody root      102 06-14 11:44 sessionassuranceapp
  drwxr-xr-x  4 nobody nobody    334 2021-01-19  sts-sps
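
The two checks described above (no "docs" or "examples" application deployed, and a 404 for both resources) can be scripted as follows. This is an added example, not part of the original article or of the product's tooling; the function names are hypothetical, and the webapps path and base URL are assumptions supplied by the operator.

```shell
#!/bin/sh
# Added example: confirm the Tomcat default apps named in the finding
# (docs, examples) are neither deployed nor served.
DEFAULT_APPS="docs examples"

# find_default_apps WEBAPPS_DIR
# Prints every default app present as a directory or .war file.
# Returns 0 if none are present, 1 if any are, 2 if WEBAPPS_DIR is invalid.
find_default_apps() {
    dir=$1
    found=0
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    for app in $DEFAULT_APPS; do
        for candidate in "$dir/$app" "$dir/$app.war"; do
            if [ -e "$candidate" ]; then
                echo "$candidate"
                found=1
            fi
        done
    done
    return $found
}

# probe_default_apps BASE_URL   (for example the Tomcat listener on port 8080)
# Prints the HTTP status for /docs/ and /examples/.
# Returns 0 only if both answer 404; any other status (including a failed
# connection, reported as 000) returns 1 so it gets reviewed by hand.
probe_default_apps() {
    base=${1%/}
    unconfirmed=0
    for app in $DEFAULT_APPS; do
        code=$(curl -s -o /dev/null -m 5 -w '%{http_code}' "$base/$app/") || code=000
        echo "$base/$app/ -> $code"
        [ "$code" = "404" ] || unconfirmed=1
    done
    return $unconfirmed
}

# Usage: script WEBAPPS_DIR [BASE_URL]; both values are operator-supplied.
if [ "$#" -ge 1 ]; then
    find_default_apps "$1" && echo "no default apps deployed in $1"
    [ -z "${2:-}" ] || probe_default_apps "$2"
fi
```
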

Additional Information



(1) Apache Tomcat Default Files