Is there any plan by CA to address "CVE-2017-12616"?
When will CA Secure Proxy update available with Tomcat version 7.0.81 or above?
Defects Fixed in 12.52 SP1 CR07 - CA Single Sign-On - 12.52 SP1 - CA Technologies Documentation
OpenSSL is upgraded to OpenSSL 1.0.2k. Apache is upgraded to Apache 2.4.25. Apache Tomcat is upgraded to Apache Tomcat 7.0.77.0.
CA Secure Proxy update available with Tomcat version 7.0.81 or above is not available yet, but definitely on the plan.
It is just a matter of time.
I am in process to confirm the dates and will update again once I have it.
Hongxu
Thanks for the update. If you provide us with ETA that will help.
Thanks,
Chandra
On Tue, Sep 26, 2017 at 12:50 PM, liuho03 <
CA engineering is going to release R12.52sp1CR8 in next week or two. In that release, should find updated apache version 2.4.27, which will resolve some known security vulnerability (CVE-2017-9788 and CVE-2017-9789).
We maybe then check the version of Tomcat too.
Please wait for R12.52sp1CR8 download from support.ca.com and then verify.
https://support.ca.com/us/product-content/recommended-reading/technical-document-index/ca-single-sign-on-hotfix-cumulative-release-index.html#CASMSPA
Thank you,
Hongxu Liu