DX Netops Spectrum: Request Smuggling Vulnerability - Java JRE 11 Version

Article ID: 254263

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

166906 Apache Tomcat 9.0.0-M1 < 9.0.68 Request Smuggling Vulnerability
  Path              : /spectrum/webtomcat/bin/
  Installed version : 9.0.65  >>> should be 9.0.68
High
166316 Oracle Java SE Multiple Vulnerabilities (October 2022 CPU)
  Path              : /spectrum/Install-Tools/jre11/
  Installed version : 11.0.16  >>> should be 11.0.17
Medium

When is it planned to remediate the above findings?

Environment

Release : 22.2

Resolution

Apache Tomcat 9.0.68 (US852890) is currently slated for Spectrum in NetOps 22.2.4.

While Spectrum still uses Java 8, a small part of it uses Java 11. NetOps plans to upgrade to AdoptOpenJDK 11.0.17+8 (F129633) for the 22.2.5 release.