CA API Gateway CRLF Injection

Posted Apr 6, 2016
Authored by Kevin Kotas | Site www3.ca.com

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available. Versions affected include 7.1, 8.0, 8.1, 8.2, 8.3, and 8.4.

tags | advisory, remote
advisories | CVE-2016-3118
SHA-256 | d75ce9c00c2cc4cc2833e147503b98c91bbedd492653fd12e4463e86d064dac4


CA20160405-01: Security Notice for CA API Gateway

Issued: April 5, 2016
Last Updated: April 5, 2016

CA Technologies Support is alerting customers to a Medium risk
vulnerability with CA API Gateway (formerly known as Layer7 API
Gateway). A vulnerability, CVE-2016-3118, exists in CA API Gateway
that may allow a remote unauthenticated attacker to conduct CRLF
Injection attacks in limited network configurations. CA has fixes
available.

Risk Rating

CVE Identifier    Risk
CVE-2016-3118     Medium

Platform(s)

Linux, Sun Solaris

Affected Products

CA API Gateway (formerly Layer7 API Gateway) 7.1, 8.0, 8.1, 8.2, 8.3,
8.4

Unaffected Products

CA API Gateway 9.0 and later

How to determine if the installation is affected

In CA API Gateway, view the Policy Manager "about" box to find the
version. If the CA API Gateway version is earlier than the fix version
below, the installation may be vulnerable.

Product                               Fix Version
CA API Gateway 7.1                    7.1.04
CA API Gateway 8.0, 8.1, 8.2, 8.3     8.3.01
CA API Gateway 8.4                    8.4.01
CA API Gateway 9.0 and later          Not affected
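
The version check described above can be scripted across an inventory of gateways. This is an added example, not part of CA's advisory; it assumes the Policy Manager version reads as major.minor.patch, and the host names and sample versions are constructed.

```python
import re

# Fix versions from the advisory table; branches 8.0-8.3 share the 8.3.01 fix.
FIX_VERSIONS = {
    (7, 1): (7, 1, 4),
    (8, 0): (8, 3, 1), (8, 1): (8, 3, 1),
    (8, 2): (8, 3, 1), (8, 3): (8, 3, 1),
    (8, 4): (8, 4, 1),
}

def parse_version(text):
    """Read '8.3.01' as (8, 3, 1). Assumed format: major.minor[.patch];
    a missing patch level counts as 0 and trailing build text is ignored."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(version_text):
    """Return (status, fix_version) for one gateway version string."""
    version = parse_version(version_text)
    if version >= (9, 0, 0):
        return ("not affected", None)
    fix = FIX_VERSIONS.get(version[:2])
    if fix is None:
        # Branch is not in the advisory table, so nothing can be concluded.
        return ("not listed", None)
    if version < fix:
        return ("may be vulnerable", "%d.%d.%02d" % fix)
    return ("at fix version or later", None)

def needs_update(inventory):
    """Map host -> fix version for every host below its fix version."""
    result = {}
    for host, version_text in inventory.items():
        status, fix = triage(version_text)
        if status == "may be vulnerable":
            result[host] = fix
    return result

# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "gw-a.example": "7.1.03",
    "gw-b.example": "8.1.02",
    "gw-c.example": "8.3.01",
    "gw-d.example": "8.4",
    "gw-e.example": "9.0.00",
}

if __name__ == "__main__":
    for host, fix in sorted(needs_update(SAMPLE_INVENTORY).items()):
        print(f"{host}: update to {fix}")
```

Any 8.0, 8.1 or 8.2 release is reported as needing 8.3.01, since the advisory lists no separate fix for those branches.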

Solution

CA Technologies has fixes that correct this vulnerability for all affected
CA API Gateway versions. Update to the fix version indicated below.

CA API Gateway 7.1:
Update to 7.1.04

CA API Gateway 8.0, 8.1, 8.2, 8.3:
Update to 8.3.01

CA API Gateway 8.4:
Update to 8.4.01

CA API Gateway 9.0 is not affected

References

CVE-2016-3118 - CA API Gateway CRLF Injection

Acknowledgement

CVE-2016-3118 - Patrick Webster of OSI Security

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies
Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please
report your findings to the CA Technologies Product Vulnerability
Response Team at vuln <AT> ca.com

Security Notices and PGP key
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2016 CA. All Rights Reserved. One CA Plaza, Islandia,
N.Y. 11749. All other trademarks, trade names, service marks, and
logos referenced herein belong to their respective companies.
