We'd like to know how to solve security of the embeeded JRE used for
the Web Agent Installer.
We want :
1. Other than upgrading the webagent to latest version, do you have
any alternative solution to fix this?
2. Why does webagent need to have this JRE seperately?
3. Can it use System Default libraries instead of dedicated one? If
yes, can you guide us with the steps?
4. Can we just replace this rt.jar file from respective JDK 1.7 and
1.8 latest builds? Will there be any impact in doing so?
5. The webagent upgrades and java vulnerability fixes may not coincide
with each other and we end up in such situations in future as well,
what is the best way to avoid this in future?
At first glance, as the JRE is used only to run the installer and
uninstaller, and as the JRE is not running as a Service, there should
be no vulnerabilities on the system.
The jvm you see from the installer is given by a third party vendor,
and as such we don't have control on the java version delievered with.
The only way you have to avoid the scanning of the file system telling
you that the installer jvm is vulnerable is :
- Tarball the following repositories, and archive
them :
ca-wa-uninstall/
install_config_jre/
This won't harm the work of the Web Agent.
You should have your own process to keep track of these repository if
you need to run the installer/configuration/uninstaller and upgrade
the Web Agent.