
CA Access Gateway (SPS) Apache is upgraded to Apache 2.4.25.


Article ID: 8767


Updated On:

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

We're running CA Access Gateway (SPS) and we have discovered an Apache vulnerability that could affect it:

 

A Denial of Service (DoS) vulnerability is present in the embedded HTTP Server.

 

The DoS occurs because the HTTP Server allows incomplete connections to stay open for an unnecessary period of time. Processes are a limited resource, and thus the HTTP Server cannot have infinite connections but instead a limited number of clients connected at the same time. The attacker will create multiple slow incomplete connection requests to the HTTP Server, causing it to reach the connection limit and making the server stop responding to other incoming requests.

 

How can we upgrade the Apache server to fix this?

Environment

CA Access Gateway (SPS) R12.52 SP1

Resolution

Upgrade CA Access Gateway (SPS) to R12.52 SP1 CR07 to fix it. The embedded Apache version has been upgraded to 2.4.25 to solve this issue.

 

Defects Fixed in R12.52 SP1 CR07:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr07
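
To check whether worker slots are being held by the slow, incomplete requests described in the issue, the following added example (not CA or Apache code) reads the Scoreboard line of Apache's mod_status `server-status?auto` output and reports the share of slots stuck reading a request. It assumes mod_status is enabled on the embedded Apache; the sample output and the threshold are constructed for illustration.

```python
# Added example (not vendor code): flag Apache workers tied up by slow,
# incomplete requests, using mod_status "server-status?auto" output.
# Assumption: mod_status is enabled on the embedded Apache.

# Constructed sample output, not captured from a real gateway.
SAMPLE_STATUS = """\
Total Accesses: 1824
BusyWorkers: 14
IdleWorkers: 2
Scoreboard: RRRRRRRRRRRRWK__....
"""


def parse_scoreboard(status_text):
    """Return the scoreboard string from server-status?auto output."""
    for line in status_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "Scoreboard":
            return value.strip()
    raise ValueError("no Scoreboard line found; is mod_status enabled?")


def assess(status_text, reading_threshold=0.5):
    """Summarise worker slots and flag a pile-up of unfinished requests.

    reading_threshold is an illustrative assumption, not vendor guidance.
    """
    board = parse_scoreboard(status_text)
    slots = len(board)
    if slots == 0:
        raise ValueError("empty scoreboard")
    reading = board.count("R")     # "R": still reading the request
    waiting = board.count("_")     # "_": idle worker waiting for a connection
    open_slots = board.count(".")  # ".": slot with no current process
    return {
        "slots": slots,
        "reading": reading,
        "in_use": slots - waiting - open_slots,
        "reading_share": reading / slots,
        "suspicious": reading / slots >= reading_threshold,
    }


if __name__ == "__main__":
    print(assess(SAMPLE_STATUS))
```

A high share of slots in state `R` that persists across several samples matches the behaviour described in the issue; a brief spike on a busy server does not.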