Vulnerabilities in Layer 7 Device

Document ID : KB000100090
Last Modified Date : 05/07/2018
Show Technical Document Details
Issue:
We are trying to remediate the below vulnerabilities on Layer 7 devices: 

Layer 7 TCP Sequence Number Approximation Based Denial of Service for port 82054 
Layer 7 Multiple Cross-Site Scripting Vulnerabilities Detected 
Layer 7 Apache Tomcat 4, 5 and 6 Examples Web Application Multiple Cross-Site Scripting Vulnerabilities 
Layer 7 Apache Tomcat 5 Cross-Site Scripting in implicit-objects.jsp of "Examples" Application 
Layer 7 Recipe Guestbook.php or Error-Page Handler Cross-Site Scripting Vulnerability 
Layer 7 Apache Server Side Include Cross Site Scripting Vulnerability 
Layer 7 Moodle badges/external.php Cross-Site Scripting Vulnerability 

Layer 7 device specifications: 
Version: 7.1 build 4473 
Operating system: Linux server 
Environment:
CA API Gateway 7.1 on Red Hat 5.11
Resolution:
Based upon the CVE ID, the OS and information provided in the Red Hat CVE Database, these vulnerabilities are not applicable to Red Hat 5.11 and are considered to be false positives. It is the customer's responsibility to stay current on OS maintenance and confirm if these vulnerabilities affect their environment.