Qualys QID 87358 "lighttpd Input Validation Flaw Log File Entry Injection Vulnerability" on UIM hub

Article ID: 399438

Products

  • DX Unified Infrastructure Management (Nimsoft / UIM)

  • CA Unified Infrastructure Management On-Premise (Nimsoft / UIM)

  • CA Unified Infrastructure Management SaaS (Nimsoft / UIM)

Issue/Introduction

We have received an observation from the client's security team regarding a Qualys vulnerability on one of our Windows hubs:

Qualys QID 87358 "lighttpd Input Validation Flaw Log File Entry Injection Vulnerability [CVE-2015-3200]" on hub port 1581.

I would like to confirm if any UIM components use this port or the lighttpd product.

Environment

  • DX UIM 20.4

Resolution

There are no hits whatsoever in our case or knowledge article database for this high security vulnerability.

  • None of our components use port 1581 by default, and there are also zero hits for lighttpd.

  • DX UIM does not use lighttpd.

The "lighttpd Input Validation Flaw Log File Entry Injection Vulnerability" refers to a security flaw found in older versions of the lighttpd web server, specifically versions before 1.4.36.

There were also no hits for CVE-2015-3200.
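
Since DX UIM does not use lighttpd or port 1581 by default, the next check is which process on the hub actually owns that listener. The script below is an added example, not vendor-supplied code; it assumes Windows PowerShell 5.1 in an elevated session on the hub, and the function names are illustrative.

```powershell
# Added example, not vendor code. Assumes Windows PowerShell 5.1, run elevated on the hub.
$Port  = 1581                 # port flagged by the scanner (from the article)
$Fixed = [version]'1.4.36'    # versions before this are affected (from the article)

function Get-PortOwner {
    # Map every listener on the port to its process, binary path and command line.
    param([int]$Port)
    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty OwningProcess -Unique |
        ForEach-Object {
            $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $_"
            [pscustomobject]@{
                Port        = $Port
                ProcessId   = $_
                Name        = $proc.Name
                Path        = $proc.ExecutablePath
                CommandLine = $proc.CommandLine
            }
        }
}

function Test-LighttpdBanner {
    # Parse a Server header; Affected is true only for lighttpd/x.y.z older than $Fixed.
    param([string]$ServerHeader, [version]$Fixed)
    if ($ServerHeader -match 'lighttpd/(\d+\.\d+\.\d+)') {
        $v = [version]$Matches[1]
        return [pscustomobject]@{ IsLighttpd = $true; Version = $v; Affected = ($v -lt $Fixed) }
    }
    [pscustomobject]@{ IsLighttpd = $false; Version = $null; Affected = $false }
}

$owners = @(Get-PortOwner -Port $Port)
if ($owners.Count -eq 0) { Write-Output "Nothing is listening on TCP $Port."; return }
$owners | Format-List

# Read the banner the scanner most likely keyed on. A missing or version-less banner
# proves nothing either way; the binary path reported above is the authoritative answer.
try {
    $server = (Invoke-WebRequest -Uri "http://localhost:$Port/" -UseBasicParsing -TimeoutSec 5).Headers['Server']
} catch {
    $server = if ($_.Exception.Response) { $_.Exception.Response.Headers['Server'] } else { $null }
}
Write-Output "Server header: $server"
Test-LighttpdBanner -ServerHeader $server -Fixed $Fixed | Format-List
```

If the reported path is outside the UIM installation directory, the finding belongs to that other product's owner rather than to the hub.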