Apache Vulnerabilities CVE-2024-40725 and CVE-2024-40898 in SPS


Article ID: 373853


Updated On:

Products

SITEMINDER CA Single Sign On Secure Proxy Server (SiteMinder)

Issue/Introduction


When running CA Access Gateway (SPS) 12.8SP8CR01, is the embedded Apache server vulnerable to CVE-2024-40725 and CVE-2024-40898?

 

Environment


CA Access Gateway (SPS) 12.8SP1CR01 on Oracle Linux Server 8.9

 

Resolution


CA Access Gateway (SPS) 12.8SP8CR01 runs with Apache 2.4.58 (1).

According to the Apache foundation vulnerability page, CVE-2024-40725 affects only Apache 2.4.60 and 2.4.61 (2).

CVE-2024-40898 affects only the Windows version of Apache (2).

So, when CA Access Gateway (SPS) 12.8SP8CR01 runs on Linux, neither CVE-2024-40725 nor CVE-2024-40898 is applicable.
  
Note that the Policy Server does not include an embedded Apache server and, as such, is not vulnerable to CVE-2024-40725 or CVE-2024-40898.
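To repeat this applicability check on another host, the following added example (not part of the original article or of the product) parses an `httpd -v` banner and applies only the two conditions stated above. The function names, the `HTTPD_BIN` placeholder and the sample banner are assumptions constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: evaluates both CVEs against an `httpd -v` banner using only
# the conditions stated in this article (version list, Windows-only).

# Extract "2.4.58" from "Server version: Apache/2.4.58 (Unix)".
parse_version() {
  printf '%s\n' "$1" | sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Extract the platform token in parentheses, e.g. "Unix" or "Win64".
parse_platform() {
  printf '%s\n' "$1" | sed -n 's|^Server version: Apache/[^ ]* (\([^)]*\)).*|\1|p' | head -n 1
}

# Prints "applicable", "not-applicable" or "unknown" for a CVE id and a banner.
# "unknown" means the banner could not be parsed and needs a manual check.
cve_status() {
  local cve="$1" banner="$2" ver plat
  ver="$(parse_version "$banner")"
  plat="$(parse_platform "$banner")"
  case "$cve" in
    CVE-2024-40725)            # article: affects only 2.4.60 and 2.4.61
      [ -n "$ver" ] || { echo unknown; return; }
      case "$ver" in
        2.4.60|2.4.61) echo applicable ;;
        *)             echo not-applicable ;;
      esac ;;
    CVE-2024-40898)            # article: affects only Apache on Windows
      [ -n "$plat" ] || { echo unknown; return; }
      case "$plat" in
        Win*) echo applicable ;;   # platform condition only; no version range is given here
        *)    echo not-applicable ;;
      esac ;;
    *) echo unknown ;;
  esac
}

# Constructed sample banner matching the version and platform in this article.
SAMPLE_BANNER='Server version: Apache/2.4.58 (Unix)
Server built:   Jan  1 2024 00:00:00'
for cve in CVE-2024-40725 CVE-2024-40898; do
  printf '%s: %s\n' "$cve" "$(cve_status "$cve" "$SAMPLE_BANNER")"
done
# On a live host, pass the real banner instead (HTTPD_BIN is a placeholder
# for the path to the embedded httpd binary):
#   cve_status CVE-2024-40725 "$("$HTTPD_BIN" -v)"
```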

 

Additional Information