Qualys security scans crash DollarU nodes
Article ID: 86661
Products
CA Automic Dollar Universe
Issue/Introduction
Error message in universe.log:
##############################
| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774))
##############################
The EEP and GSI logs typically also contain errors at the moment of the "attack".
Patch level detected: Dollar Universe 6.1.00
Product Version: Dollar.Universe 6.1.0
Description: Qualys, a utility that tests applications for vulnerabilities, crashes DollarU nodes by sending a TCP/IP request that is longer than expected.
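The following is an added example, not part of the original article or of the product: a Python sketch that finds the "Request size error" entries in universe.log lines and groups them by minute, so a scan window can be matched against the time a node went down. The first sample line is the one quoted above; the other two are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Matches the "Request size error" line format shown in the universe.log excerpt.
OVERSIZE_RE = re.compile(
    r"^\|\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*\|ERROR\|"
    r".*?\|pid=(?P<pid>[\d.]+)\|"
    r".*?New client (?P<client>\d+) .*?authentication failed: Request size error "
    r"\(Ext-message too long \((?P<size>\d+) bytes, max\. (?P<max>\d+)\)\)"
)

# Line 1 is taken from the article; lines 2 and 3 are constructed for the example.
SAMPLE_LOG = """\
| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774))
| 2014-04-14 20:50:21 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 114 (/ on ) authentication failed: Request size error (Ext-message too long (50331648 bytes, max. 32774))
| 2014-04-14 20:52:03 |INFO |X|IO |pid=13569.3801086864| u_io_thread_trt | constructed unrelated line
""".splitlines()

def find_oversize_requests(lines):
    """Return one dict per oversized authentication request found in the log lines."""
    events = []
    for line in lines:
        m = OVERSIZE_RE.search(line.strip())
        if not m:
            continue  # banner lines (####) and other messages are ignored
        size, limit = int(m["size"]), int(m["max"])
        events.append({
            "timestamp": m["ts"],
            "pid": m["pid"],
            "client": int(m["client"]),
            "declared_bytes": size,
            "max_bytes": limit,
            "ratio": size / limit,  # how far the request exceeded the limit
        })
    return events

def events_per_minute(events):
    """Group events by minute so a scan window stands out from an isolated error."""
    return Counter(e["timestamp"][:16] for e in events)

if __name__ == "__main__":
    found = find_oversize_requests(SAMPLE_LOG)
    for e in found:
        print(e["timestamp"], "client", e["client"],
              f'{e["declared_bytes"]} bytes (max {e["max_bytes"]})')
    print(dict(events_per_minute(found)))
```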
Cause
Cause type: Defect
Root Cause: A message that is too long, injected into an authentication request, cannot be handled by the IO.
Resolution
Update to the fix version listed below or a newer version if available.
Fix Status: Released
Fix Version(s):
Component: Application.Server
Version: Dollar.Universe 6.2.21
Additional Information
Workaround: N/A