Vulnerability in Bouncy Castle 1.0.2.4 (bc-fips-1.0.2.4.jar) on Siteminder Access Gateway r12.9 and older

Article ID: 409533

Products

SITEMINDER

Issue/Introduction

A security scan may flag the following Bouncy Castle for Java file (bc-fips-1.0.2.4 or older) on a Siteminder r12.9 or older Access Gateway Server:

<Install_Dir>/CA/secure-proxy/agentframework/java/bc-fips-1.0.2.4.jar
<Install_Dir>/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.4.jar
<Install_Dir>/CA/secure-proxy/Tomcat/thirdparty/bc-fips-1.0.2.4.jar
<Install_Dir>/CA/secure-proxy/Tomcat/federation_apps/sts/webapps/WEB-INF/lib/bc-fips-1.0.2.4.jar

 

Environment

PRODUCT: Symantec Siteminder

COMPONENT: Access Gateway Server

VERSION: r12.9 and older

OPERATING SYSTEM: Windows and Linux

Cause

CVE-2025-8885

DESCRIPTION: Allocation of Resources Without Limits or Throttling vulnerability in Legion of the Bouncy Castle Inc. Bouncy Castle for Java bcprov, bc-fips on All (API modules) allows Excessive Allocation. This vulnerability is associated with program files https://github.com/bcgit/bc-java/blob/main/core/src/main/java/org/bouncycastle/asn1/ASN1ObjectIdentifier.java.

IMPACTED: Bouncy Castle for Java

BC 1.0 through 1.77
BC-FJA 1.0.0 through 1.0.2.5
BC-FJA 2.0.0 through 2.0.0

REMEDIATED:  Bouncy Castle for Java 1.0.2.6

Resolution

Upgrade Bouncy Castle for Java on the Siteminder Access Gateway r12.9 and older to Bouncy Castle 1.0.2.6.

1) Log on to the Siteminder Access Gateway Server

2) Stop the Siteminder Access Gateway Server

3) Back up the existing "bc-fips-1.0.2.4.jar" or older (example: bc-fips-1.0.1.jar)

EXAMPLE:

# cd <Install_Dir>/CA/secure-proxy/agentframework/java/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

# cd <Install_Dir>/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

# cd <Install_Dir>/CA/secure-proxy/Tomcat/thirdparty/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

# cd <Install_Dir>/CA/secure-proxy/Tomcat/federation_apps/sts/webapps/WEB-INF/lib/
# mv bc-fips-1.0.2.4.jar bc-fips-1.0.2.4.jar.BAK

4) Copy 'bc-fips-1.0.2.6.jar' from this KB to the Siteminder Access Gateway Server.

5) Place the updated 'bc-fips-1.0.2.6.jar' in the following directories:

<Install_Dir>/CA/secure-proxy/agentframework/java/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/thirdparty/bc-fips-1.0.2.6.jar
<Install_Dir>/CA/secure-proxy/Tomcat/federation_apps/sts/webapps/WEB-INF/lib/bc-fips-1.0.2.6.jar

6) Start the Siteminder Access Gateway Server and verify functionality

7) Delete the following files

<Install_Dir>/CA/secure-proxy/agentframework/java/bc-fips-1.0.2.4.jar.BAK
<Install_Dir>/CA/secure-proxy/Tomcat/webapps/affwebservices/WEB-INF/lib/bc-fips-1.0.2.4.jar.BAK
<Install_Dir>/CA/secure-proxy/Tomcat/thirdparty/bc-fips-1.0.2.4.jar.BAK
<Install_Dir>/CA/secure-proxy/Tomcat/federation_apps/sts/webapps/WEB-INF/lib/bc-fips-1.0.2.4.jar.BAK
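A post-upgrade check for steps 5 through 7, as an added example that is not part of the original article or the vendor's tooling: it walks an install tree and reports any bc-fips jar below the remediated 1.0.2.6, the 2.0.0 release also listed as impacted, and leftover .BAK copies. The function names and status labels are assumptions, and the demo tree is constructed.

```shell
# Added example (not vendor code): audit an install tree for bc-fips jars.
FIXED="1.0.2.6"   # remediated version named in this article

# version_lt A B: succeed when dotted numeric version A is lower than B.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# audit_bc_fips ROOT: print one status line per bc-fips jar or leftover copy
# under ROOT; return 1 if any file still needs attention, 0 otherwise.
audit_bc_fips() {
    root=$1 rc=0
    list=$(find "$root" -type f -name 'bc-fips-*.jar*' | sort)
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        name=${f##*/}
        case $name in
            *.jar) ver=${name#bc-fips-}; ver=${ver%.jar} ;;
            *) echo "LEFTOVER   $f"; rc=1; continue ;;  # e.g. .jar.BAK, step 7
        esac
        case $ver in
            ""|*[!0-9.]*) echo "UNKNOWN    $f"; rc=1 ;;
            2.0.0) echo "VULNERABLE $f"; rc=1 ;;  # BC-FJA 2.0.0 is listed as impacted
            *) if version_lt "$ver" "$FIXED"; then echo "VULNERABLE $f"; rc=1
               else echo "OK         $f"; fi ;;
        esac
    done <<EOF
$list
EOF
    return $rc
}

# Demo on a constructed tree (not a real install): one upgraded directory,
# one directory that was missed, and one backup that was never deleted.
demo=$(mktemp -d)
mkdir -p "$demo/agentframework/java" "$demo/Tomcat/thirdparty"
touch "$demo/agentframework/java/bc-fips-1.0.2.6.jar" \
      "$demo/Tomcat/thirdparty/bc-fips-1.0.2.4.jar" \
      "$demo/Tomcat/thirdparty/bc-fips-1.0.1.jar.BAK"
audit_bc_fips "$demo" || echo "remediation incomplete under $demo"
rm -rf "$demo"
```

On a real server, point `audit_bc_fips` at `<Install_Dir>/CA/secure-proxy` after step 7; a zero exit status means only 1.0.2.6 or later jars remain and no backup copies are left for a scanner to flag.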

Additional Information

Attachments

bc-fips-1.0.2.6.jar