CA Endevor

  • 1.  POODLE Vulnerability

    Posted 11-10-2014 11:55 AM

    You may be wondering if SSL Support for Endevor is affected by the POODLE vulnerability. The CA Endevor SCM family of products is not vulnerable, but the infrastructure we use - Apache Tomcat - under its default settings for SSL setup can potentially be vulnerable. This has implications for ENWS (Endevor Webservices) and CMEW (CA Change Manager Enterprise Workbench), which use Tomcat. The remedy is described on the Tomcat Wiki page "Security/POODLE - Tomcat Wiki". Basically it's simple - all that needs to be done is to add the following parameter to the SSL connector in the server.xml file.

     

          sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
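
A check for the setting described in the post above, as an added example that is not part of the original post or of CA's code: it parses a server.xml and reports, for each SSL-enabled connector, whether `sslEnabledProtocols` is present and free of SSL-era entries such as SSLv3. The sample server.xml, its ports and the function name `audit_connectors` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample server.xml (not taken from a real ENWS or CMEW install).
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true" clientAuth="false"/>
    <Connector port="9443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"/>
    <Connector port="10443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               sslEnabledProtocols="TLSv1, SSLv3"/>
  </Service>
</Server>"""


def audit_connectors(server_xml_text):
    """Return (port, status, detail) for every SSL-enabled <Connector>."""
    findings = []
    root = ET.fromstring(server_xml_text)
    for conn in root.iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP or AJP connector, nothing to check
        port = conn.get("port", "?")
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            findings.append((port, "MISSING",
                             "sslEnabledProtocols not set, defaults apply"))
            continue
        protocols = [p.strip() for p in raw.split(",") if p.strip()]
        # Any entry starting with "SSL" (for example SSLv3) is flagged.
        legacy = [p for p in protocols if p.upper().startswith("SSL")]
        if legacy:
            findings.append((port, "LEGACY", "remove: " + ",".join(legacy)))
        elif not protocols:
            findings.append((port, "EMPTY", "attribute present but empty"))
        else:
            findings.append((port, "OK", ",".join(protocols)))
    return findings


if __name__ == "__main__":
    for port, status, detail in audit_connectors(SAMPLE_SERVER_XML):
        print(f"connector port {port}: {status} ({detail})")
```
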