Notes on CVE-2023-35082
Warning
Work in progress: not well tested, may produce false positives or false negatives, and may break functionality if used for blocking. Use at your own risk.
The Ivanti RPM[2] uses postinstall scripts to modify the Apache Tomcat and httpd configuration files. The diffs below show how the patched security.xml replaces the broad `security="none"` wildcards (`/asfV3/**`, `/services/**`) with explicit path patterns, i.e. which paths remain reachable without authentication after the fix.
--- security.xml.old
+++ security.xml.new
@@ -1 +1,19 @@
-<sec:http pattern="/asfV3/**" security="none" create-session="stateless"/>
+<sec:http pattern="/asfV3/appstore" security="none" create-session="stateless"/>
+ <sec:http pattern="/asfV3/applist" security="none" create-session="stateless"/>
+ <sec:http pattern="/asfV3/aaw/**/*.css" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.eot" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.gif" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.html" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.jpg" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.js" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.json" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.jsonp" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.jsp" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.md" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.otf" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.png" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.svg" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.ttf" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.txt" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.woff" security="none"/>
+ <sec:http pattern="/asfV3/aaw/**/*.woff2" security="none"/>
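Review bot: The `/asfV3/aaw/**/*.jsp` rule on the new side still exempts server-executed JSPs at any depth under `/asfV3/aaw/` from authentication, so the exemption is decided by file extension rather than by what the page does; unlike the `.css`/`.png`/font rules around it this is code, and `.json`/`.jsonp` can likewise be dynamic endpoints rather than static files. Unless every JSP under aaw has been confirmed to be purely presentational, drop that line or replace it with the exact pages that must be anonymous, e.g. `<sec:http pattern="/asfV3/aaw/index.jsp" security="none"/>`. The aaw rules also omit the `create-session="stateless"` that the `appstore`/`applist` rules carry, so anonymous asset fetches may now create HTTP sessions; adding it keeps the rules consistent. Whether these Ant patterns are matched against a normalised request path (e.g. `;` or `//` variants) depends on the Spring Security version's HttpFirewall, which is not visible here.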
--- security.xml.old
+++ security.xml.new
@@ -1 +1,3 @@
-<sec:http pattern="/services/**" security="none" create-session="stateless"/>
+ <sec:http pattern="/services/*Service" security="none" create-session="stateless"/>
+ <sec:http pattern="/services/EventGenerator" security="none" create-session="stateless"/>
+ <sec:http pattern="/services/stats" security="none" create-session="stateless"/>
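Review bot: `/services/*Service` on the new side is still a wildcard: in Spring's Ant syntax a single `*` matches one path segment, so any servlet directly under `/services/` whose name ends in `Service`, including ones added later, is exempt from authentication without anyone revisiting this file. If the set of services that must be reachable anonymously is known, list them explicitly the way `EventGenerator` and `stats` are, one `<sec:http pattern="/services/…Service" security="none" create-session="stateless"/>` line per name, so a new `*Service` endpoint is authenticated by default. Whether anything under `/services/` that the old `/services/**` rule covered (nested paths, query-bearing endpoints) is still needed anonymously cannot be judged from this hunk.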
[1]
[2]
[3]