CA20160405-01: Security Notice for CA API Gateway - CA Technologies
{{search ? 'Close':'Search'}}

CA20160405-01: Security Notice for CA API Gateway

Issued: April 05, 2016
Last Updated: April 05, 2016

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability, CVE-2016-3118, exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available.

Risk Rating

CVE Identifier Risk
CVE-2016-3118 Medium


Linux, Sun Solaris

Affected Products

CA API Gateway (formerly Layer7 API Gateway) 7.1, 8.0, 8.1, 8.2, 8.3, 8.4

Unaffected Products

CA API Gateway 9.0 and later

How to determine if the installation is affected

In CA API Gateway, view the Policy Manager "about" box to find the version. If the CA API Gateway version is earlier than the fix version below, the installation may be vulnerable.

Product Fix Version
CA API Gateway 7.1 7.1.04
CA API Gateway 8.0, 8.1, 8.2, 8.3 8.3.01
CA API Gateway 8.4 8.4.01
CA API Gateway 9.0 and later Not affected


CA Technologies has fixes that correct this vulnerability for all affected CA API Gateway versions. Update to the fix version indicated below.

CA API Gateway 7.1:
Update to 7.1.04

CA API Gateway 8.0, 8.1, 8.2, 8.3:
Update to 8.3.01

CA API Gateway 8.4:
Update to 8.4.01

CA API Gateway 9.0 is not affected


CVE-2016-3118 - CA API Gateway CRLF Injection


CVE-2016-3118 - Patrick Webster of OSI Security

Change History

Version 1.0: Initial Release

A notification about this security notice will be sent to customers who are subscribed to Proactive Notifications.

If additional information is required, please contact CA Technologies Support at

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team.

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

agent is typing