CA20090123-01: Security Notice for Cohesion Tomcat
Issued: January 23, 2009
Last Updated: January 26, 2009
CA's technical support is alerting customers to multiple security risks with CA Cohesion Application Configuration Manager. Multiple vulnerabilities exist in Apache Tomcat as included with Cohesion. CA has issued an update to address the vulnerabilities.
Refer to the References section for the full list of resolved issues by CVE identifier.
CA Cohesion Application Configuration Manager 4.5
CA Cohesion Application Configuration Manager 4.5 SP1
How to determine if the installation is affected
- Using Windows Explorer, locate the file "RELEASE-NOTES".
- By default, the file is located in the "C:Program FilesCACohesionServerserver" directory.
- Open the file with a text editor.
- If the version is less than 5.5.25, the installation is vulnerable.
CA has issued the following update to address the vulnerabilities.
CA Cohesion Application Configuration Manager 4.5:
*Note: the issue was not completely fixed by Tomcat maintainers.
Version 1.0: Initial Release
Version 1.1: Updated Affected Products
If additional information is required, please contact CA Support at https://support.ca.com/.
If you discover a vulnerability in CA products, please report your findings to the CA Product Vulnerability Response Team.