CA Access Gateway (SPS) vulnerabilities CVE-2007-6750 and CVE-2012-5568
search cancel

CA Access Gateway (SPS) vulnerabilities CVE-2007-6750 and CVE-2012-5568

book

Article ID: 7973

calendar_today

Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder) CA Single Sign On SOA Security Manager (SiteMinder) CA Single Sign-On

Issue/Introduction

I run CA Access Gateway (SPS), and we've discovered the following vulnerabilities CVE-2007-6750 and CVE-2012-5568 :

 

CVE-2007-6750 :

 

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a

denial of service (daemon outage) via partial HTTP requests, as

demonstrated by Slowloris, related to the lack of the mod_reqtimeout

module in versions before 2.2.15.

CVE-2007-6750

 

CVE-2012-5568 :

 

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

 

CVE-2012-5568

 

Environment

CA Access Gateway (SPS) 12.52 SP1 CR6

Resolution

Upgrade CA Access Gateway (SPS) to 12.52SP1CR07 to benifit the following fix :

 

00662673 - DE276198

 

OpenSSL is upgraded to OpenSSL 1.0.2k.

Apache is upgraded to Apache 2.4.25.

Apache Tomcat is upgraded to Apache Tomcat 7.0.77.0.

 

Defects Fixed in 12.52 SP1 CR07

 

Powered by Wolken Software