Correcting the XML External Entity (XXE) exploit in CA Access Gateway

Document ID:  TEC1051936
Last Modified Date:  08/11/2017

Products

  • CA Single Sign-On

Releases

  • CA Single Sign-On:Release:12.52 SP1

Components

  • SITEMINDER SECURE PROXY SERVER:SMSPS
Issue:

It has been determined that CA Access Gateway 12.52 SP1 b499 is vulnerable to the XML External Entity (XXE) exploit. An attacker exploiting this vulnerability can retrieve confidential data and access sensitive files on the server, e.g. the "passwd" file.

SiteMinder's "affwebservices" component contains two SOAP services: router and session. A SOAP request sent to these endpoints with an external entity reference inside the parameter causes an exception when the service tries to parse the contents of the requested system file (/etc/passwd, for example) into a valid date/timestamp. The response contains the message "Exception from service object: Unparseable date:" followed by the data from /etc/passwd.

Environment:

  • PS 12.52 SP1 CR02 build 766
  • SPS 12.52 SP1 build 499

Resolution:

The issue is corrected in CA Access Gateway R12.51 CR10 Build#1612.

The following workarounds are also suggested:

  • Add the ampersand character (&) to BadCSSChars.
  • Add string validation for the accessTimestamp to check for integers and/or proper date formatting.
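
The second workaround, sketched as an added example (not CA's code): the value is checked against an allow-list before any date parsing, and the rejection message never echoes the input, which is the channel the "Unparseable date:" error used to return file contents. The class and method names are hypothetical, and the accepted formats (epoch digits or one ISO-style date layout) are assumptions.

```java
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.time.format.DateTimeParseException;
import java.util.regex.Pattern;

/** Added illustration; class, method and format choices are hypothetical, not the product's. */
public class AccessTimestampValidator {
    // Assumption: a valid value is either epoch digits or one fixed date layout.
    private static final Pattern EPOCH = Pattern.compile("\\d{1,13}");
    private static final Pattern DATE_SHAPE =
            Pattern.compile("\\d{4}-\\d{2}-\\d{2}T\\d{2}:\\d{2}:\\d{2}");
    private static final DateTimeFormatter DATE_FORMAT =
            DateTimeFormatter.ISO_LOCAL_DATE_TIME;

    /** Returns true only for values that match the allow-list and parse cleanly. */
    public static boolean isValid(String value) {
        if (value == null || value.length() > 32) {
            return false;
        }
        if (EPOCH.matcher(value).matches()) {
            return true;
        }
        if (!DATE_SHAPE.matcher(value).matches()) {
            return false;
        }
        try {
            LocalDateTime.parse(value, DATE_FORMAT);
            return true;
        } catch (DateTimeParseException e) {
            return false; // e.g. month 13; the exception text is deliberately dropped
        }
    }

    /** Builds the caller-visible error without echoing the rejected value. */
    public static String rejectionMessage() {
        return "Invalid accessTimestamp";
    }

    public static void main(String[] args) {
        // Constructed sample values; the last stands in for expanded file content.
        String[] samples = {
            "1502409600", "2017-08-11T09:30:00", "2017-13-40T00:00:00",
            "root:x:0:0:root:/root:/bin/bash"
        };
        for (String s : samples) {
            System.out.println(isValid(s) ? "accepted" : rejectionMessage());
        }
    }
}
```

Run as written, the first two samples are accepted and the last two produce only the fixed rejection message.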
