Qualys security scans crash DollarU nodes

Article ID: 86661

Products

CA Automic Dollar Universe

Issue/Introduction

Error Message:
universe.log
##############################
| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774)) 
##############################

The EEP and GSI logs typically also contain errors at the moment of the "attack".

Patch level detected: Dollar Universe 6.1.00
Product Version: Dollar.Universe 6.1.0

Description: The Qualys utility, which tests applications for vulnerabilities, crashes DollarU nodes by sending a TCP/IP request that is longer than expected.
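To confirm that a node was hit by this condition and to get the time window to compare against the EEP and GSI logs, the universe.log entries can be filtered for the oversized authentication request. The script below is an added example, not part of the original article or the product; the field layout is inferred from the single log line quoted above, and the second and third sample lines are constructed.

```python
import re
from datetime import datetime

# Field layout inferred from the one universe.log line in this article
# (assumption); adjust the pattern if your node's log lines differ.
OVERSIZE_RE = re.compile(
    r"^\|\s*(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s*\|(?P<level>\w+)\|[^|]*\|"
    r"(?P<component>[^|]*)\|pid=(?P<pid>[\d.]+)\|\s*(?P<func>\S+)\s*\|"
    r"\s*New client (?P<client>\d+) .*?authentication failed: Request size error "
    r"\(Ext-message too long \((?P<size>\d+) bytes, max\. (?P<limit>\d+)\)\)"
)

def find_oversize_auth(lines):
    """Return one record per oversized authentication request in `lines`."""
    events = []
    for line in lines:
        m = OVERSIZE_RE.match(line.strip())
        if not m:
            continue  # unrelated log entry
        size, limit = int(m["size"]), int(m["limit"])
        events.append({
            "time": datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
            "component": m["component"].strip(),
            "pid": m["pid"],
            "client": int(m["client"]),
            "declared_bytes": size,
            "limit_bytes": limit,
            "excess_bytes": size - limit,
        })
    return events

def time_window(events):
    """First and last event time, for matching against EEP/GSI log errors."""
    times = [e["time"] for e in events]
    return (min(times), max(times)) if times else None

SAMPLE_LOG = [
    # Line quoted in this article:
    "| 2014-04-14 20:50:20 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 113 (/ on ) authentication failed: Request size error (Ext-message too long (64924928 bytes, max. 32774)) ",
    # Constructed lines (same layout, made-up values):
    "| 2014-04-14 20:50:21 |ERROR|X|IO |pid=13569.3801086864| u_io_thread_trt | New client 114 (/ on ) authentication failed: Request size error (Ext-message too long (40000 bytes, max. 32774)) ",
    "| 2014-04-14 20:50:22 |INFO|X|IO |pid=13569.3801086864| u_io_thread_trt | constructed unrelated entry",
]

if __name__ == "__main__":
    hits = find_oversize_auth(SAMPLE_LOG)
    for e in hits:
        print(e["time"], "client", e["client"], e["declared_bytes"], "bytes declared, limit", e["limit_bytes"])
    print("window:", time_window(hits))
```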

Cause

Cause type:
Defect
Root Cause: The IO cannot handle the injection of a message that is too long into an authentication request.

Environment

OS: Linux

Resolution

Update to the fix version listed below or a newer version if available.

Fix Status: Released

Fix Version(s):
Component: Application.Server
Version: Dollar.Universe 6.2.21

Additional Information

Workaround:
N/A