Wednesday, April 6, 2016

CA20160405-01: Security Notice for CA API Gateway

Issued: April 5, 2016
Last Updated: April 5, 2016

CA Technologies Support is alerting customers to a Medium risk
vulnerability with CA API Gateway (formerly known as Layer7 API
Gateway). A vulnerability, CVE-2016-3118, exists in CA API Gateway
that may allow a remote unauthenticated attacker to conduct CRLF
Injection attacks in limited network configurations. CA has fixes
available.

Risk Rating

CVE Identifier    Risk
CVE-2016-3118     Medium

Platform(s)

Linux, Sun Solaris

Affected Products

CA API Gateway (formerly Layer7 API Gateway) 7.1, 8.0, 8.1, 8.2, 8.3,
8.4

Unaffected Products

CA API Gateway 9.0 and later

How to determine if the installation is affected

In CA API Gateway, view the Policy Manager "about" box to find the
version. If the CA API Gateway version is earlier than the fix version
below, the installation may be vulnerable.

Product                              Fix Version
CA API Gateway 7.1                   7.1.04
CA API Gateway 8.0, 8.1, 8.2, 8.3    8.3.01
CA API Gateway 8.4                   8.4.01
CA API Gateway 9.0 and later         Not affected
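
The version check described above, as an added example that is not part of CA's notice: it compares a gateway version string against the fix versions listed here. The "major.minor.patch" string format, the function names and the sample inventory are assumptions.

```python
import re

# Rows of the fix table in this notice (CA20160405-01 / CVE-2016-3118):
# (lowest release, highest release, fix version) as integer tuples.
FIX_ROWS = [
    ((7, 1), (7, 1), (7, 1, 4)),   # 7.1                -> 7.1.04
    ((8, 0), (8, 3), (8, 3, 1)),   # 8.0, 8.1, 8.2, 8.3 -> 8.3.01
    ((8, 4), (8, 4), (8, 4, 1)),   # 8.4                -> 8.4.01
]
NOT_AFFECTED_FROM = (9, 0)         # 9.0 and later: not affected


def parse_version(text):
    """Parse 'major.minor[.patch]'; this format is an assumption."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    # A missing patch level is treated as 0, the conservative reading.
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def triage(version_text):
    """Return (status, fix version to update to, or None)."""
    v = parse_version(version_text)
    if v[:2] >= NOT_AFFECTED_FROM:
        return "not affected", None
    for low, high, fix in FIX_ROWS:
        if low <= v[:2] <= high:
            if v < fix:  # earlier than the fix version for this row
                return "may be vulnerable", "%d.%d.%02d" % fix
            return "at or above fix version", None
    # Releases the notice does not mention are reported, not guessed at.
    return "not listed in notice", None


if __name__ == "__main__":
    # Constructed inventory: host names and versions are made up.
    inventory = {"gw-a": "7.1.03", "gw-b": "8.2.00", "gw-c": "8.3.01",
                 "gw-d": "8.4", "gw-e": "9.0.00", "gw-f": "7.0.02"}
    for host, ver in sorted(inventory.items()):
        status, fix = triage(ver)
        note = f" -> update to {fix}" if fix else ""
        print(f"{host:6} {ver:8} {status}{note}")
```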

Solution

CA Technologies has fixes that correct this vulnerability for all affected
CA API Gateway versions. Update to the fix version indicated below.

CA API Gateway 7.1:
Update to 7.1.04

CA API Gateway 8.0, 8.1, 8.2, 8.3:
Update to 8.3.01

CA API Gateway 8.4:
Update to 8.4.01

CA API Gateway 9.0 is not affected

References

CVE-2016-3118 - CA API Gateway CRLF Injection

Acknowledgement

CVE-2016-3118 - Patrick Webster of OSI Security

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2016 CA. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.
