CA20090123-01: Security Notice for Cohesion Tomcat - CA Technologies
{{search ? 'Close':'Search'}}

CA20090123-01: Security Notice for Cohesion Tomcat

Issued: January 23, 2009
Last Updated: January 26, 2009

CA's technical support is alerting customers to multiple security risks with CA Cohesion Application Configuration Manager. Multiple vulnerabilities exist in Apache Tomcat as included with Cohesion. CA has issued an update to address the vulnerabilities.

Refer to the References section for the full list of resolved issues by CVE identifier.

Risk Rating

Medium

Platform

Windows

Affected Products

CA Cohesion Application Configuration Manager 4.5

Non-Affected Products

CA Cohesion Application Configuration Manager 4.5 SP1

How to determine if the installation is affected

  1. Using Windows Explorer, locate the file "RELEASE-NOTES".

  2. By default, the file is located in the "C:Program FilesCACohesionServerserver" directory.

  3. Open the file with a text editor.

  4. If the version is less than 5.5.25, the installation is vulnerable.

Solution

CA has issued the following update to address the vulnerabilities.

CA Cohesion Application Configuration Manager 4.5:
RO04648

Workaround

None

References

CVE-2005-2090
CVE-2005-3510
CVE-2006-3835
CVE-2006-7195
CVE-2006-7196
CVE-2007-0450
CVE-2007-1355
CVE-2007-1358
CVE-2007-1858
CVE-2007-2449
CVE-2007-2450
CVE-2007-3382
CVE-2007-3385 *
CVE-2007-3386
CVE-2008-0128

*Note: the issue was not completely fixed by Tomcat maintainers.

Change History

Version 1.0: Initial Release
Version 1.1: Updated Affected Products

If additional information is required, please contact CA Support at https://support.ca.com/.

If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing