TIM - critical vulnerabilities -Obsolete Version of Java

book

Article ID: 208227

calendar_today

Updated On:

Products

CA Application Performance Management (APM / Wily / Introscope)

Issue/Introduction

TIM reporting vulnerabilities with Apache (HTTPD) and Java,  Currently my version on Apache and Java versions are below,

Installed Packages
Name        : httpd
Arch        : x86_64
Version     : 2.2.15
Release     : 69.el6
Size        : 3.0 M
Repo        : installed
From repo   : rhel-6-server-rpms
Summary     : Apache HTTP Server
URL         : http://httpd.apache.org/
License     : ASL 2.0
Description : The Apache HTTP Server is a powerful, efficient, and extensible
            : web server.

[[email protected] ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 19 2018 06:33:11


java version "1.7.0_131"
OpenJDK Runtime Environment (rhel-2.6.9.0.el6_8-x86_64 u131-b00)
OpenJDK 64-Bit Server VM (build 24.131-b00, mixed mode)
[[email protected] bin]#

 

Environment

Release : 10.7.0

Component : APM Agents

Resolution

Customer upgraded to 

[[email protected] ~]# httpd -v
Server version: Apache/2.2.15 (Unix)
Server built:   Feb 19 2018 06:33:11


[[email protected] ~]# java -version
java version "1.7.0_261"
OpenJDK Runtime Environment (rhel-2.6.22.1.el6_10-x86_64 u261-b02)
OpenJDK 64-Bit Server VM (build 24.261-b02, mixed mode)

 

And passed vulnerability test.