Layer7 API Management

  • 1.  CVE-2005-2090: is Api Gateway >9.3 affected?

    Posted Apr 09, 2019 10:21 AM

    Hello,

    We received an alert regarding the coyote connector version (CVE-2005-2090). I would like to know if the virtual appliance with version > 9.3 is affected by this CVE.

     

    Thanks,

     

    Manuel.



  • 2.  Re: CVE-2005-2090: is Api Gateway >9.3 affected?

    Broadcom Employee
    Posted Apr 15, 2019 09:59 PM

    Good evening,

     

    Please follow this KB to move past this finding: Changing the Server Header From “Apache-Coyote/1.1 - CA Knowledge

     

    Sincerely,

     

    Stephen Hughes

    Broadcom Support



  • 3.  Re: CVE-2005-2090: is Api Gateway >9.3 affected?

    Broadcom Employee
    Posted Apr 16, 2019 03:52 AM

    Hello,

     

    I found coyote-6.0.41.jar was included in API Gateway 9.3 (no CR).

    According to ASF, CVE-2005-2090 was fixed completely in 6.0.39. (Apache Tomcat® - Apache Tomcat 6 vulnerabilities)

    I don't think 9.3 is affected by CVE-2005-2090.

     

    Best regards,

    Seiji
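
The version check described in the last reply can be automated. The following is an added example, not code from any poster or from Broadcom: it finds `coyote-*.jar` files under a directory and compares each version numerically against the 6.0.39 fix release quoted above. The scan root is an assumption (the thread gives no install path), and the threshold is only applied to the 6.0.x branch because that is the only branch the thread cites.

```python
import re
import sys
from pathlib import Path

# Fix release quoted in the thread for the Tomcat 6.0.x branch.
FIXED = (6, 0, 39)
# File-name pattern taken from the jar named in the thread (coyote-6.0.41.jar).
JAR_RE = re.compile(r"^coyote-(\d+)\.(\d+)\.(\d+)\.jar$")


def classify(jar_name):
    """Return 'fixed', 'affected', 'other-branch' or 'unparsed' for a jar file name."""
    m = JAR_RE.match(jar_name)
    if not m:
        return "unparsed"  # e.g. an unversioned coyote.jar: inspect the manifest by hand
    version = tuple(int(part) for part in m.groups())
    if version[:2] != FIXED[:2]:
        # The 6.0.39 threshold says nothing about other branches.
        return "other-branch"
    # Tuple comparison is numeric, so 6.0.9 sorts below 6.0.39
    # (a plain string comparison would get this wrong).
    return "fixed" if version >= FIXED else "affected"


def scan(root):
    """Map every coyote*.jar found under root to its classification."""
    return {str(p): classify(p.name) for p in sorted(Path(root).rglob("coyote*.jar"))}


if __name__ == "__main__":
    # Scan root is an assumption: pass the directory that holds the gateway's libraries.
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, verdict in scan(root).items():
        print(f"{verdict:12} {path}")
```

A scanner that reports this CVE from the `Server: Apache-Coyote/1.1` banner alone cannot see the bundled jar version, so this check and the header change from the earlier reply address different things.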