Summary KB of TIM security fixes.

Document ID : KB000031005
Last Modified Date : 14/02/2018

Description:

Summary KB of TIM security fixes including recent vulnerabilities.

Solution:

This is a list of all documents referring to TIM security issues available at the moment. Each entry gives the KB number, title, a short description and the link to the full article.

KB #: TEC595868
Title: TIM security concerns: Apache 2.2 < 2.2.23 Multiple Vulnerabilities
Short Description: A security scan of 9.1.5 TIM shows the following:
    Apache 2.2 < 2.2.23 Multiple Vulnerabilities
    Apache 2.2 < 2.2.23 Multiple Vulnerabilities
    Apache 2.2 < 2.2.23 Multiple Vulnerabilities
    Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities
    Apache 2.2 < 2.2.24 Multiple Cross-Site Scripting Vulnerabilities
  What are the suggested next steps?
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC595868.aspx

KB #: TEC597387
Title: How to remove weak cipher suites from the TIM web server, i.e. those with less than 128-bit encryption.
Short Description: Due to a monitored security vulnerability on the TIM web server, it is required to remove weak cipher suites from the web server, i.e. those with less than 128-bit encryption.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC597387.aspx

KB #: TEC598181
Title: Cannot read /etc.wily/cem/tim/logs/protocolstats/... [Errno 13] Permission denied
Short Description: When trying to view the TIM Packet Statistics or Timlog files, the browser displays an error indicating no permission to the file, e.g.
    Cannot read /etc.wily/cem/tim/logs/protocolstats1/2013-08-13.csv: [Errno 13] Permission denied: '/etc.wily/cem/tim/logs/protocolstats1/2013-08-13.csv'
  Inspection of the file in the file system using 'ls -al' shows that the file permissions are:
    -rw-r----- 1 root root 25031 Aug 13 06:24 2013-08-13.csv
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC598181.aspx

KB #: TEC601421
Title: Important notes concerning applications using SSL/TLS DEFLATE compression with APM CE (CEM) monitoring
Short Description: This article explains why SSL/TLS DEFLATE compression is not supported by APM CE (CEM) and why using such compression can be harmful.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC601421.aspx

KB #: TEC602364
Title: TIM logs indicate that critical information such as password and SSN are set as Private Parameters and are masked in the request body, but are displayed in clear text in
Short Description: Critical information in Request Headers is set as private parameters, but is appearing in the TIM logs in clear text. Examples include Password and SSN.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC602364.aspx

KB #: TEC603778
Title: TIM Log contains critical information such as passwords and SSNs which are defined as Private Parameters and are masked in the request body
Short Description: Passwords and SSNs are visible in clear text in the TIM log Request Headers which are set as Private Parameters.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC603778.aspx

KB #: TEC605134
Title: SERVICE PACK::9.5.1 - Part 1
Short Description: What is fixed in 9.5.1.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC605134.aspx

KB #: TEC611166
Title: Security details for the ServletHeaderDecorator setting introscope.agent.decorator.security
Short Description: By enabling the ServletHeaderDecorator, APM adds the x-wily-info HTTP header. In the IntroscopeAgent.profile, the security setting can be set to either clear or encrypted. This is explained in the header of that file.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC611166.aspx

KB #: TEC618037
Title: Bash Code Injection (Shellshock) and CEM TIM and TIMSoft
Short Description: The CEM Transaction Impact Monitor (TIM) is a passive network probe that collects business transaction information on HTTP/HTTPS traffic through a network span or tap. The CEM TIM is a C++ based application that runs on specific versions of the Linux operating system and does not use the Bash shell for any of its operational functions; however, prior to version 9.6, the TIM installation script does use the Bash shell.
  It has recently been disclosed by industry experts that most versions of Unix, Linux, OS X and other variants are susceptible to a security issue that allows Bash code injection. This is being referred to in the media as "Shellshock".
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC618037.aspx

KB #: TEC1344045
Title: TIM and SSLv3 Poodle Vulnerability
Short Description: Recently, Red Hat has announced a security vulnerability in the SSLv3 protocol, commonly referred to as 'POODLE'.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC1344045.aspx

KB #: TEC1761946
Title: GHOST Vulnerability and TIM
Short Description: This is a statement about recent security vulnerabilities and how to fix them in the various versions.
Link: http://www.ca.com/us/support/ca-support-online/product-content/knowledgebase-articles/TEC1761946.aspx