search cancel

Vulnerability CVE-2015-0225

book

Article ID: 143963

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

Vulnerability critical error in Data Aggregator and Collector servers:

Java JMX RMI Accessible with Common Credentials
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0225

On the DA, the process causing this issue is java here:
# netstat -tulpn | grep 11099
tcp        0      0 0.0.0.0:11099           0.0.0.0:*               LISTEN      950/java

# ls -al /proc/950/exe
lrwxrwxrwx 1 root root 0 Jan  3 22:20 /proc/950/exe -> /ca/IMDataAggregator/jre/bin/java

This is a Java doc for authentication to do with JMX:
https://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html

 

 

 

Environment

Release : 3.7

Component : IM Reporting / Admin / Configuration

Cause

Java JMX RMI Accessible with Common Credentials

 

Resolution

Verify that ports 1099 and 11099 are blocked from external access.
These ports must remain open locally for internal communication.

See more on sites:
DA:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/prepare-to-install-the-data-aggregator.html

DC:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/performance-management/3-7/installing/prepare-to-install-the-data-collectors.html

 

Additional Information

Alternately you can to enable username/password:
In activemq.xml, file change:
        <managementContext>
            <managementContext connectorPort="11099" createConnector="true" />
        </managementContext>

To:
        <managementContext>
            <managementContext connectorPort="11099" createConnector="true" jmxDomainName="org.apache.activemq">
              <property xmlns="http://www.springframework.org/schema/beans" name="environment">
                <map xmlns="http://www.springframework.org/schema/beans">
                  <entry xmlns="http://www.springframework.org/schema/beans"
                         key="jmx.remote.x.password.file"
                         value="${activemq.base}/conf/jmx.password"/>
                  <entry xmlns="http://www.springframework.org/schema/beans"
                         key="jmx.remote.x.access.file"
                         value="${activemq.base}/conf/jmx.access"/>
                </map>
              </property>
            </managementContext>
        </managementContext>

edit conf/jmx.password to have a different password for admin.

After next upgrade is necessary to change the activemq.xml and jmx.password files

Powered by Wolken Software