CA20160405-01: Security Notice for CA API Gateway

Issued: April 5, 2016
Last Updated: April 5, 2016

CA Technologies Support is alerting customers to a Medium risk vulnerability with CA API Gateway (formerly known as Layer7 API Gateway). A vulnerability, CVE-2016-3118, exists in CA API Gateway that may allow a remote unauthenticated attacker to conduct CRLF Injection attacks in limited network configurations. CA has fixes available.

Risk Rating

CVE Identifier    Risk
CVE-2016-3118     Medium

Platform(s)

Linux, Sun Solaris

Affected Products

CA API Gateway (formerly Layer7 API Gateway) 7.1, 8.0, 8.1, 8.2, 8.3, 8.4

Unaffected Products

CA API Gateway 9.0 and later

How to determine if the installation is affected

In CA API Gateway, view the Policy Manager "about" box to find the version. If the CA API Gateway version is earlier than the fix version below, the installation may be vulnerable.

Product: Fix Version
CA API Gateway 7.1: 7.1.04
CA API Gateway 8.0, 8.1, 8.2, 8.3: 8.3.01
CA API Gateway 8.4: 8.4.01
CA API Gateway 9.0 and later: Not affected

Solution

CA Technologies has fixes that correct this vulnerability for all affected CA API Gateway versions. Update to the fix version indicated below.

CA API Gateway 7.1: Update to 7.1.04
CA API Gateway 8.0, 8.1, 8.2, 8.3: Update to 8.3.01
CA API Gateway 8.4: Update to 8.4.01
CA API Gateway 9.0 is not affected

References

CVE-2016-3118 - CA API Gateway CRLF Injection

Acknowledgement

CVE-2016-3118 - Patrick Webster of OSI Security

Change History

Version 1.0: Initial Release

If additional information is required, please contact CA Technologies Support at https://support.ca.com/

If you discover a vulnerability in CA Technologies products, please report your findings to the CA Technologies Product Vulnerability Response Team at vuln@ca.com

Security Notices and PGP key
https://support.ca.com/irj/portal/anonymous/phpsbpldgpg
www.ca.com/us/support/ca-support-online/documents.aspx?id=177782

Regards,

Kevin Kotas
Vulnerability Response Director
CA Technologies Product Vulnerability Response Team

Copyright (c) 2016 CA. All Rights Reserved. One CA Plaza, Islandia, N.Y. 11749. All other trademarks, trade names, service marks, and logos referenced herein belong to their respective companies.