
Tech Tip : CA Single Sign-On : CA Access Gateway (SPS) vulnerabilities CVE-2007-6750 and CVE-2012-5568


    Broadcom Employee
    Posted Aug 24, 2017 06:56 AM

    Issue:


    I run CA Access Gateway (SPS), and we've discovered the following vulnerabilities: CVE-2007-6750 and CVE-2012-5568.

     

    CVE-2007-6750 :

     

    The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

    CVE-2007-6750

     

    CVE-2012-5568 :

     

    Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

     

    CVE-2012-5568

     

    Environment:


    CA Access Gateway (SPS) 12.52 SP1 CR6

     

    Resolution:

     

    Upgrade CA Access Gateway (SPS) to 12.52SP1CR07 to benefit from the following fix:

     

    00662673 - DE276198

     

    OpenSSL is upgraded to OpenSSL 1.0.2k.

    Apache is upgraded to Apache 2.4.25.

    Apache Tomcat is upgraded to Apache Tomcat 7.0.77.0.

     

    Defects Fixed in 12.52 SP1 CR07

     

    KB : TEC1429801
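
A post-upgrade check, added here as an example and not part of the original post or of any CA/Broadcom tooling: it parses version banners for the three bundled components and compares them with the versions the post lists for 12.52 SP1 CR07. The banner samples are constructed for illustration (they are not the actual CR06 values), and the function and variable names are hypothetical.

```python
import re

# Component versions the post lists as shipped in 12.52 SP1 CR07.
FIXED = {
    "Apache": "2.4.25",
    "Apache Tomcat": "7.0.77",
    "OpenSSL": "1.0.2k",
}

# Patterns for the usual banner lines printed by httpd, Tomcat and openssl.
PATTERNS = [
    ("Apache Tomcat", re.compile(r"Apache Tomcat/(\d+(?:\.\d+)+)")),
    ("Apache", re.compile(r"Apache/(\d+(?:\.\d+)+)")),
    ("OpenSSL", re.compile(r"OpenSSL (\d+(?:\.\d+)+[a-z]*)")),
]

# Constructed sample banners (illustrative only).
SAMPLE_OLD = """Server version: Apache/2.4.12 (Unix)
Server version: Apache Tomcat/7.0.54
OpenSSL 1.0.1p 9 Jul 2015
"""
SAMPLE_FIXED = """Server version: Apache/2.4.25 (Unix)
Server version: Apache Tomcat/7.0.77
OpenSSL 1.0.2k  26 Jan 2017
"""

def version_key(version):
    """Turn '2.4.25' or '1.0.2k' into a comparable (numbers, letter) key."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", version)
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))  # so 7.0.77 and 7.0.77.0 compare equal
    return (tuple(nums), m.group(2))  # OpenSSL letter suffix sorts last

def audit(banner_text):
    """Return {component: (found_version_or_None, meets_fixed_version)}."""
    report = {}
    for name, pattern in PATTERNS:
        m = pattern.search(banner_text)
        found = m.group(1) if m else None
        ok = bool(found) and version_key(found) >= version_key(FIXED[name])
        report[name] = (found, ok)
    return report

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("fixed", SAMPLE_FIXED)):
        print(label, audit(text))
```

A component whose banner is missing from the input is reported as `(None, False)` so that an incomplete collection is not mistaken for a pass.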