This article gives detailed steps on how Service Desk admins can modify the web.xml file to address the Service Desk Tomcat HSTS (HTTP Strict Transport Security) vulnerability.
CA Service Desk Manager 17.3 and up
Service Desk admins can follow these steps:
1. Ensure that SSL is enabled for CA Service Desk Manager.
2. Add the following configuration to the web.xml file in SDM-install-folder\bopcfg\www\CATALINA_BASE\webapps\CAisd\WEB-INF.
Add the filter definition under the <!-- Add filter here --> comment:
Filter Definition
<filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <async-supported>true</async-supported>
    <init-param>
        <param-name>hstsMaxAgeSeconds</param-name>
        <param-value>31536000</param-value>
    </init-param>
    <init-param>
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
    <init-param>
        <param-name>blockContentTypeSniffingEnabled</param-name>
        <param-value>false</param-value>
    </init-param>
</filter>
Add the filter mapping under the <!-- Add filter-mapping here --> comment:
Filter Mapping
<filter-mapping>
    <filter-name>httpHeaderSecurity</filter-name>
    <url-pattern>/*</url-pattern>
    <dispatcher>REQUEST</dispatcher>
</filter-mapping>
Save the changes.
Note: it is always a good idea to back up the web.xml file before making changes.
3. Restart Tomcat or the CA Service Desk Manager services.
A similar approach can be used for other Tomcat-based Service Desk services. For example, the web.xml in SDM-install-folder\bopcfg\www\CATALINA_BASE_VIZ\webapps\CMDBVisualizer\WEB-INF can be changed the same way for the CMDB Visualizer.
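As an added example (not part of the original article or the product), the following Python script parses a web.xml and checks that the httpHeaderSecurity filter is defined with the Tomcat HttpHeaderSecurityFilter class, carries a positive hstsMaxAgeSeconds, and is mapped to /*. It uses a constructed minimal web.xml as sample input; the same check can be run against the CAisd or CMDBVisualizer web.xml after editing.

```python
import xml.etree.ElementTree as ET

FILTER_NAME = "httpHeaderSecurity"
FILTER_CLASS = "org.apache.catalina.filters.HttpHeaderSecurityFilter"

# Constructed sample: a minimal web.xml carrying the filter and mapping from the
# article. A real SDM web.xml is far longer; only these elements matter here.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>httpHeaderSecurity</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param><param-name>hstsMaxAgeSeconds</param-name><param-value>31536000</param-value></init-param>
    <init-param><param-name>antiClickJackingOption</param-name><param-value>SAMEORIGIN</param-value></init-param>
  </filter>
  <filter-mapping><filter-name>httpHeaderSecurity</filter-name><url-pattern>/*</url-pattern></filter-mapping>
</web-app>"""

def _local(tag):
    # web.xml declares a default namespace, so tags arrive as "{uri}filter"; strip it.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    return next(((c.text or "").strip() for c in elem if _local(c.tag) == name), "")

def check_hsts_config(web_xml):
    """Return a list of problems; an empty list means the filter is wired up as the article describes."""
    root = ET.fromstring(web_xml)
    problems = []
    flt = next((e for e in root if _local(e.tag) == "filter"
                and _child_text(e, "filter-name") == FILTER_NAME), None)
    if flt is None:
        return ["no <filter> named %s" % FILTER_NAME]
    if _child_text(flt, "filter-class") != FILTER_CLASS:
        problems.append("filter-class is not %s" % FILTER_CLASS)
    params = {_child_text(p, "param-name"): _child_text(p, "param-value")
              for p in flt if _local(p.tag) == "init-param"}
    max_age = params.get("hstsMaxAgeSeconds", "")
    if not max_age.isdigit() or int(max_age) <= 0:
        problems.append("hstsMaxAgeSeconds missing or not a positive integer")
    # The filter only acts on requests routed through it, so it must be mapped to /*.
    if not any(_local(m.tag) == "filter-mapping"
               and _child_text(m, "filter-name") == FILTER_NAME
               and _child_text(m, "url-pattern") == "/*" for m in root):
        problems.append("no <filter-mapping> for %s on /*" % FILTER_NAME)
    return problems

if __name__ == "__main__":
    print(check_hsts_config(SAMPLE_WEB_XML) or "web.xml looks correct")
```

Tomcat's HttpHeaderSecurityFilter adds the Strict-Transport-Security header only to requests it considers secure, which is why step 1 requires SSL; after the restart, confirm the header is present on an HTTPS response rather than a plain HTTP one.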