Vulnerability critical error in Data Aggregator and Collector servers:
Java JMX RMI Accessible with Common Credentials
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0225
On the DA, the process causing this issue is java here:
# netstat -tulpn | grep 11099
tcp 0 0 0.0.0.0:11099 0.0.0.0:* LISTEN 950/java
# ls -al /proc/950/exe
lrwxrwxrwx 1 root root 0 Jan 3 22:20 /proc/950/exe -> /ca/IMDataAggregator/jre/bin/java
This is a Java doc for authentication to do with JMX:
https://docs.oracle.com/javase/6/docs/technotes/guides/management/agent.html
Release : 3.7
Component : IM Reporting / Admin / Configuration
Java JMX RMI Accessible with Common Credentials
Verify that ports 1099 and 11099 are blocked from external access.
These ports must remain open locally for internal communication.
See more on sites:
DA:
DC:
Alternately you can to enable username/password:
In activemq.xml, file change:
<managementContext>
<managementContext connectorPort="11099" createConnector="true" />
</managementContext>
To:
<managementContext>
<managementContext connectorPort="11099" createConnector="true" jmxDomainName="org.apache.activemq">
<property xmlns="http://www.springframework.org/schema/beans" name="environment">
<map xmlns="http://www.springframework.org/schema/beans">
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.password.file"
value="${activemq.base}/conf/jmx.password"/>
<entry xmlns="http://www.springframework.org/schema/beans"
key="jmx.remote.x.access.file"
value="${activemq.base}/conf/jmx.access"/>
</map>
</property>
</managementContext>
</managementContext>
edit conf/jmx.password to have a different password for admin.
After next upgrade is necessary to change the activemq.xml and jmx.password files