Security Scanners Report TDM Portal .gz Archive Files as a Risk

Document ID : KB000007530
Last Modified Date : 14/02/2018
Issue:

Some security scanners (such as WebInspect) may report *.gz files served by TDM Portal to be a risk factor.

A sample result from WebInspect reads as follows:

WebInspect has detected an archive file with the .gz extension on the target server. The severity of the threats posed by the web-accessible backup files depends on the sensitivity of the information stored in the original document. Based on that information, an attacker can gain sensitive information about the site architecture, database and network access credential details, encryption keys, and so forth from these files. The attacker can use information obtained to craft precise targeted attacks, which may not otherwise be feasible, against the application.

The URL provided will look like this:

https://[TDM PORTAL HOSTNAME]:8443/TestDataManager/assets/font/casans/[FILE NAME].gz

Cause:

Some compressed font and library files were inadvertently left behind by the installer in two directories.

Resolution:

All *.gz files in the following directories can be safely deleted:

  • C:\Program Files\CA\CA Test Data Manager Portal\tomcat\bin
  • C:\Program Files\CA\CA Test Data Manager Portal\tomcat\webapps\TestDataManager\WEB-INF\classes\static\assets\font\casans

Once the files are deleted, the scan should no longer report them as vulnerabilities or threats.
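The Resolution steps above as an added PowerShell example; this is not part of the CA article. It assumes the default install path given in the Resolution, takes the portal hostname as a placeholder you supply, and for the optional re-check assumes the portal's TLS certificate is trusted by the machine running the script.

```powershell
# Added example; not part of the CA knowledge base article.
# Removes the leftover *.gz files named in the Resolution after confirming each
# one really is a gzip archive (leading bytes 0x1F 0x8B), then optionally checks
# that the portal no longer serves the casans files (expect HTTP 404).
# Usage:  .\Remove-TdmGzLeftovers.ps1 -WhatIf                       (preview only)
#         .\Remove-TdmGzLeftovers.ps1 -PortalHost tdm.example.internal
[CmdletBinding(SupportsShouldProcess)]
param(
    # Placeholder for [TDM PORTAL HOSTNAME]; omit to skip the HTTP re-check.
    [string]$PortalHost
)
$PortalRoot = 'C:\Program Files\CA\CA Test Data Manager Portal'   # default install path
$Dirs = @(
    (Join-Path $PortalRoot 'tomcat\bin'),
    (Join-Path $PortalRoot 'tomcat\webapps\TestDataManager\WEB-INF\classes\static\assets\font\casans')
)

function Test-GzipHeader([string]$Path) {
    # gzip members always begin with the two-byte ID 0x1F 0x8B (RFC 1952).
    $fs = [System.IO.File]::OpenRead($Path)
    try {
        $hdr = New-Object byte[] 2
        return (($fs.Read($hdr, 0, 2) -eq 2) -and ($hdr[0] -eq 0x1F) -and ($hdr[1] -eq 0x8B))
    } finally { $fs.Dispose() }
}

$removedFonts = @()
foreach ($dir in $Dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { Write-Warning "Not found, skipping: $dir"; continue }
    foreach ($f in Get-ChildItem -LiteralPath $dir -Filter '*.gz' -File) {
        if (-not (Test-GzipHeader $f.FullName)) {
            # Not a gzip archive despite the extension: leave it in place and look at it first.
            Write-Warning "Not a gzip archive, left in place: $($f.FullName)"
            continue
        }
        Remove-Item -LiteralPath $f.FullName          # honors -WhatIf via SupportsShouldProcess
        if ($dir -like '*\casans' -and -not $WhatIfPreference) { $removedFonts += $f.Name }
    }
}
# Re-check from the client side: every deleted font file should now return HTTP 404.
# Assumes the portal's TLS certificate is trusted by this machine.
if ($PortalHost) {
    foreach ($name in $removedFonts) {
        $uri = "https://${PortalHost}:8443/TestDataManager/assets/font/casans/$name"
        try   { $code = (Invoke-WebRequest -Uri $uri -Method Head -UseBasicParsing).StatusCode }
        catch { $code = [int]$_.Exception.Response.StatusCode }
        Write-Host ("HTTP {0}  {1}" -f $code, $uri)
    }
}
```

A file that still returns HTTP 200 after deletion points at a second copy or a cached response in front of Tomcat, which is worth resolving before re-running the scanner.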

Additional Information:
  • There is no known security risk with these files
  • The files in the "casans" directory are simply compressed font files
  • The files in the "tomcat\bin" directory are not served to clients/web browsers at all
    • While these files are safe to remove, they are also equally safe to leave in place
    • They may be used to configure performance and/or scalability options in the future
  • None of the *.gz files contain any user data whatsoever.