CA Access Gateway (SPS) vulnerabilities CVE-2007-6750 and CVE-2012-5568

Document ID : KB000007973
Last Modified Date : 14/02/2018
Issue:

I run CA Access Gateway (SPS), and we've discovered the following vulnerabilities, CVE-2007-6750 and CVE-2012-5568:

 

CVE-2007-6750:

The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

CVE-2007-6750

 

CVE-2012-5568:

Apache Tomcat through 7.0.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris.

 

CVE-2012-5568

 

Environment:
CA Access Gateway (SPS) 12.52 SP1 CR6
Resolution:

Upgrade CA Access Gateway (SPS) to 12.52SP1CR07 to benefit from the following fix:

00662673 - DE276198

 

OpenSSL is upgraded to OpenSSL 1.0.2k.

Apache is upgraded to Apache 2.4.25.

Apache Tomcat is upgraded to Apache Tomcat 7.0.77.0.

 

Defects Fixed in 12.52 SP1 CR07
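
To confirm after the upgrade that the bundled components are at the versions listed above, the following added example (not CA's own code) compares version banners against those values. The banner formats are assumed to be those printed by `openssl version`, `httpd -v` and Tomcat's `version.sh`, and the sample banners are constructed.

```python
import re

# Component versions shipped with 12.52 SP1 CR07, taken from the list above.
FIXED = {"OpenSSL": "1.0.2k", "Apache": "2.4.25", "Apache Tomcat": "7.0.77.0"}

# Assumed banner formats: `openssl version`, `httpd -v`, Tomcat `version.sh`.
BANNER = {
    "OpenSSL": re.compile(r"OpenSSL\s+(\d+(?:\.\d+)*[a-z]*)"),
    "Apache": re.compile(r"Apache/(\d+(?:\.\d+)*)"),
    "Apache Tomcat": re.compile(r"Server number:\s*(\d+(?:\.\d+)*)"),
}

def version_key(text, width=4):
    """Map '1.0.2k' to a sortable key: zero-padded numbers plus letter suffix."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)([a-z]*)", text)
    if m is None:
        raise ValueError(f"unrecognised version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (width - len(nums))
    # Longer suffixes sort later (OpenSSL style: 'z' < 'za'), then alphabetically.
    return tuple(nums), (len(m.group(2)), m.group(2))

def check(banners):
    """Return {component: (reported_version_or_None, at_or_above_fixed)}."""
    result = {}
    for name, fixed in FIXED.items():
        m = BANNER[name].search(banners.get(name, ""))
        if m is None:
            result[name] = (None, False)  # missing or unparsable: treat as failing
            continue
        found = m.group(1)
        result[name] = (found, version_key(found) >= version_key(fixed))
    return result

# Constructed sample banners (not captured from a real gateway).
SAMPLE = {
    "OpenSSL": "OpenSSL 1.0.2h  3 May 2016",
    "Apache": "Server version: Apache/2.4.25 (Unix)",
    "Apache Tomcat": "Server number:  7.0.77.0",
}

if __name__ == "__main__":
    for name, (found, ok) in check(SAMPLE).items():
        print(f"{name:14} {found or 'unknown':10} {'OK' if ok else 'BELOW ' + FIXED[name]}")
```

A component whose banner is missing or cannot be parsed is reported as failing rather than skipped, so an incomplete check never reads as a pass.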