Hi CA Communities,
Our client is asking if the following CVE impacts CA SSO as they are using Access Gateway as well as Sharepoint agent.
https://nvd.nist.gov/vuln/detail/CVE-2019-0232
From the looks of it, it seems to impact only if CGI is enabled.
I see this in Tomcat/conf/web.xml
Since they are commented away, am I right to say that CGI is not enabled and CA SSO isn't impacted by this CVE? Please advise. Thank you.
<!--
<servlet>
<servlet-name>cgi</servlet-name>
<servlet-class>org.apache.catalina.servlets.CGIServlet</servlet-class>
<init-param>
<param-name>cgiPathPrefix</param-name>
<param-value>WEB-INF/cgi</param-value>
</init-param>
<load-on-startup>5</load-on-startup>
</servlet>
-->
<!--
<servlet-mapping>
<servlet-name>cgi</servlet-name>
<url-pattern>/cgi-bin/*</url-pattern>
</servlet-mapping>
-->
regards,
Zen