Patrick-Dussault

Tech Tip : CA Single Sign-On : CA Access Gateway (SPS) Apache is upgraded to Apache 2.4.25.

Discussion created by Patrick-Dussault Employee on Jan 23, 2018

Symptoms:

 

We're running CA Access Gateway (SPS) and we have discovered an Apache vulnerability that could affect it:

 

A Denial of Dervice (DoS) vulnerability is present in the embedded HTTP Server.

 

The DoS occurs because the HTTP Server allows incomplete connections to stay open for an unnecessary period of time. Processes are a limited resource, and thus the HTTP Server cannot have infinite connections but instead a limited number of clients connected at the same time. The attacker will create multiple slow incomplete connection requests to the HTTP Server causing it to reach the connections limit and make the Server to stop responding to other incoming requests.

 

How can we upgrade the Apache server to fix this?

 

Environment:

 

CA Access Gateway (SPS) R12.52 SP1

 

Resolution:

 

Upgrade CA Access Gateway (SPS) to R12.52 SP1 CR07 to fix it. The embedded Apache version has been upgraded to 2.4.25 to solve this issue.

 

Defects Fixed in R12.52 SP1 CR07:

https://docops.ca.com/ca-single-sign-on/12-52-sp1/en/release-notes/cumulative-releases/defects-fixed-in-12-52-sp1-cr07


KB : TEC1189349

Outcomes