Configuration data is sent network device in clear text on port 8080
Article ID: 113334
Updated On: 11-01-2023
Products
Spectrum
Issue/Introduction
We have implemented SSL for CA Spectrum Oneclick console.
During a security scan in the data is shown in cleartext and communication is happening with port 8080.
During a security scan in the data is shown in cleartext and communication is happening with port 8080.
Environment
Release:
Component: SPCCSS
Component: SPCCSS
Cause
Port 8080 is not a secure port.
Resolution
The connector must be commented out in the server.xml file and tomcat restarted.
1. Navigate to $SPECROOT/tomcat/conf
2. Open server.xml file in text editor of choice.
3. Find this line (or similar):
<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>
4. Add comments around it:
<!--
<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>
-->
5. You should only have the SSL connector open, such as this:
<Connector port="8443" enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="/ca/spectrum/custom/keystore/cacerts"keystorePass="changeit"></Connector>
6. Save the file and restart Spectrum Tomcat Service.
1. Navigate to $SPECROOT/tomcat/conf
2. Open server.xml file in text editor of choice.
3. Find this line (or similar):
<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>
4. Add comments around it:
<!--
<Connector port="8080" URIEncoding="UTF-8" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" enableLookups="true" redirectPort="8443" acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" tcpNoDelay="true"/>
-->
5. You should only have the SSL connector open, such as this:
<Connector port="8443" enableLookups="true" disableUploadTimeout="true" tcpNoDelay="true" acceptCount="100" scheme="https" secure="true" SSLEnabled="true" clientAuth="false" sslProtocol="TLS"ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" keystoreFile="/ca/spectrum/custom/keystore/cacerts"keystorePass="changeit"></Connector>
6. Save the file and restart Spectrum Tomcat Service.
Feedback
Was this article helpful?
Yes
No
Powered by
