SPS servers vulnerable to an XXE injection attack

Article ID: 7457

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
AXIOMATICS POLICY SERVER
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

During security audit tests we found that our SPS server could be vulnerable to an XXE injection attack due to an XML SOAP vulnerability.

Environment

SPS R12.52 SP1 CR00

Resolution

This has been fixed in R12.52 SP1 CR06. If you are affected on a previous release, you can resolve the issue by applying the following steps:


1) On the SPS server, go to the /secure-proxy/Tomcat/webapps/affwebservices/WEB-INF folder.
2) Make a backup of the web.xml file.
3) Stop SPS.
4) Edit web.xml and locate the "router" servlet section (shown below).
5) Remove or comment out the entire "router" servlet section.
6) Restart SPS.


<servlet>
    <servlet-name>router</servlet-name>
    <display-name>Apache-SOAP RPC Router</display-name>
    <description>This is the main servlet that dispatches the SOAP requests to registered web services</description>
    <servlet-class>org.apache.soap.server.http.RPCRouterServlet</servlet-class>
    <init-param>
      <param-name>faultListener</param-name>
      <param-value>org.apache.soap.server.DOMFaultListener</param-value>
    </init-param>
</servlet>
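
To confirm the edit from step 5 before restarting, the following check parses web.xml and reports whether an RPCRouterServlet declaration is still active, and whether a servlet-mapping still refers to a servlet name that is no longer declared (Tomcat refuses to deploy a web application with such a mapping). This is an added example, not vendor code; the servlet-mapping and its URL pattern in the sample data are constructed assumptions, since the page shows only the servlet element.

```python
import sys
import xml.etree.ElementTree as ET

ROUTER_CLASS = "org.apache.soap.server.http.RPCRouterServlet"

def _local(tag):
    # Drop any "{namespace}" prefix so DTD- and schema-based web.xml both work.
    return tag.rsplit("}", 1)[-1]

def _child_text(elem, name):
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""

def audit_web_xml(xml_data):
    """Return a list of findings; an empty list means the router servlet is gone."""
    root = ET.fromstring(xml_data)  # commented-out sections are skipped by the parser
    declared, findings = set(), []
    for elem in root.iter():
        if _local(elem.tag) == "servlet":
            name = _child_text(elem, "servlet-name")
            declared.add(name)
            if _child_text(elem, "servlet-class") == ROUTER_CLASS:
                findings.append(f"active RPCRouterServlet declared as '{name}'")
    for elem in root.iter():
        if _local(elem.tag) == "servlet-mapping":
            name = _child_text(elem, "servlet-name")
            if name not in declared:
                findings.append(f"servlet-mapping refers to undeclared servlet '{name}'")
    return findings

# Constructed sample data (abbreviated; the URL pattern is a placeholder).
SERVLET = ("<servlet><servlet-name>router</servlet-name>"
           f"<servlet-class>{ROUTER_CLASS}</servlet-class></servlet>")
MAPPING = ("<servlet-mapping><servlet-name>router</servlet-name>"
           "<url-pattern>/example/router</url-pattern></servlet-mapping>")

def _webapp(*parts):
    return "<web-app>" + "".join(parts) + "</web-app>"

BEFORE = _webapp(SERVLET, MAPPING)                                # unpatched
PARTIAL = _webapp("<!--" + SERVLET + "-->", MAPPING)              # mapping left behind
FIXED = _webapp("<!--" + SERVLET + "-->", "<!--" + MAPPING + "-->")

if __name__ == "__main__":
    # Pass the path to web.xml as the first argument, or run on the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else PARTIAL
    for finding in audit_web_xml(data) or ["no active router servlet or dangling mapping"]:
        print(finding)
```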

Additional Information

Defects Fixed in 12.52 SP1 CR06

00424351 DE172435

CA Access Gateway is vulnerable to an XXE injection attack, which allows an attacker to retrieve confidential data and access sensitive files on the server, for example the "passwd" file.