Layer7 Access Management

CVE-2019-0232 vulnerability impact CA SSO?

  • 1.  CVE-2019-0232 vulnerability impact CA SSO?

    Posted 04-23-2019 06:35 AM

    Hi CA Communities,

     

    Our client is asking if the following CVE impacts CA SSO as they are using Access Gateway as well as Sharepoint agent. 

     

    https://nvd.nist.gov/vuln/detail/CVE-2019-0232

     

    From the looks of it, it seems to impact only if CGI is enabled.

     

    I see this in Tomcat/conf/web.xml

    Since they are commented away, am I right to say that CGI is not enabled and CA SSO isn't impacted by this CVE? Please advise. Thank you.

     

    <!--
    <servlet>
    <servlet-name>cgi</servlet-name>
    <servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
    <init-param>
    <param-name>cgiPathPrefix</param-name>
    <param-value>WEB-INF/cgi</param-value>
    </init-param>
    <load-on-startup>5</load-on-startup>
    </servlet>
    -->

    <!--
    <servlet-mapping>
    <servlet-name>cgi</servlet-name>
    <url-pattern>/cgi-bin/*</url-pattern>
    </servlet-mapping>
    -->

     

     

    regards,

    Zen