APM Wily servers have been flagged by vulnerability scans for the following issues:
1-
- Titles aggregated to: Self-signed TLS/SSL certificate
2-
- HTTP OPTIONS Method Enabled
Release : 10.7.0
Component : APM Mangers
Report #1 : Titles aggregated to: Self-signed TLS/SSL certificate
SSL needs to be configure by customer environment administrator with their own certificates. Please follow below documentation for SSL configuration,
Configuring Jetty Options
Report #2 : HTTP OPTIONS Method Enabled
We can disable HTTP OPTIONS method with configuration in em-jetty-config.xml and webview-jetty-config.xml file under config folder of EM installation.