Follow up tasks for CVE related to CS473270

Forum|Forum|13 hours ago
June 26, 2026
1 reply
0 views

Just posting a clarifying question to field. This article discusses mitigation steps as well as temp patches. We have implemented the mitigation steps (Apache changes and wt.properties changes) and now applied the temp patch.

Then it says that once patch is applied to remove the mitigation steps. I just to be clear about what can be removed. It appears like the “wt.manager.serialFilte” changes to the wt.properties.xconf remain. It seems to indicate the two Apache mitigation steps, 92- and 90-, should be removed. Or is it just -90, Apache work around 1, that should be removed?

Going back to the previous CVE (https://www.ptc.com/en/support/article/CS466318), this also had us create an Apache work around (also 90-) blocking a Publish URL. I did not see instructions to remove this once patch was applied.

Lastly, there was another Apache mitigation (https://www.ptc.com/en/support/article/CS466866?source=search) which created 91- conf file, blocking “ReconnectedHttpURLCon” URL. Appears no patch for this and this remains in place.

If anyone has clarity on this, please post. I am not seeing any ill effects as of yet.

Bus_System Administration

This topic has been closed for replies.

olivierlp

Community Manager

Hi @avillanueva , Let us contact you directly about this topic.
To all, we recommend opening a support case if you have a concern on this subject matter.

Thanks for your understanding.

Olivier

Sign up

Please use your PTC eSupport account.

Welcome to the PTC Community

Please use your PTC eSupport account.

Scanning file for viruses.

This file cannot be downloaded