Can .java files be removed to mitigate Vuln ID: V-76717: IIS 8.5 Server Security?

book

Article ID: 17033

calendar_today

Updated On:

Products

SUPPORT AUTOMATION- SERVER CA Service Desk Manager - Unified Self Service KNOWLEDGE TOOLS CA Service Management - Asset Portfolio Management CA Service Management - Service Desk Manager

Issue/Introduction



Can ".java" files be removed from CA Service Desk Manager file structure to mitigate Vuln ID: V-76717: IIS 8.5 Server Security?

Environment

CA Service Desk Manager (all versions) on Microsoft Windows using IIS

Resolution

You may remove all the "example" files that are provided however, if certain other .java files are removed, it could prevent the application from working properly.  Here is the complete list of files that MUST remain in place for proper operation:

%NX_ROOT%\bopcfg\www\CATALINA_BASE\work\Catalina\localhost\AMS\org\apache\jsp\pages\owrView_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE\work\Catalina\localhost\AMS\org\apache\jsp\pages\product_005ffooter_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE\work\Catalina\localhost\AMS\org\apache\jsp\pages\product_005fheader_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE\work\Catalina\localhost\ROOT\org\apache\jsp\index_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE_VIZ\work\Catalina\localhost\CMDBVisualizer\org\apache\jsp\jsp\admin_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE_VIZ\work\Catalina\localhost\CMDBVisualizer\org\apache\jsp\jsp\VisualizerMain_jsp.java 

%NX_ROOT%\bopcfg\www\CATALINA_BASE\webapps\axis\SOAPMonitorApplet.java