Wildfly Admin Interface (VNA_host:9990) disabled in 21.2.7
Article ID: 232018
Updated On:
Products
Issue/Introduction
In 21.2.7 VNA, the Wildfly Admin Interface has been disabled to remediate a known vulnerability.
Access to the VNA debug options will now be provided by the jboss-cli
Environment
Virtual Network Assurance
VNA 21.2.7 +
Cause
CVE-2020-11022
Resolution
To edit debug levels (typically at the request of support):
- On the VNA host, change directory to <VNA install>/wildfly/bin
- (With VNA running) Connect JBoss CLI: ./jboss-cli.sh --connect
- List all loggers: [standalone@localhost:9990 /] /subsystem=logging:read-resource
You will see "loggers" listed in the output; VNA loggers will be listed along with other wildfly loggers.
- Set the logger level to "DEBUG" for the ACI Plugin
(as an example): [standalone@localhost:9990 /] /subsystem=logging/logger=ACI_PLUGIN:write-attribute(name=level,value=DEBUG)
The output will report the status of the operation along with the new logger level:
{
"outcome" => "success",
"result" => "DEBUG"
}
Additional Information
cd /opt/CA/VNA/wildfly/bin
[root@lab bin]# ./jboss-cli.sh --connect
[standalone@localhost:9990 /] /subsystem=logging:read-resource
****
Sample output:
{
"outcome" => "success",
"result" => {
"add-logging-api-dependencies" => true,
"use-deployment-logging-config" => true,
"async-handler" => undefined,
"console-handler" => {
"CONSOLE" => undefined,
"GATEWAY_CONSOLE" => undefined
},
"custom-formatter" => undefined,
"custom-handler" => undefined,
"file-handler" => undefined,
"filter" => undefined,
"json-formatter" => undefined,
"log-file" => {
"error.log" => undefined,
"gateway.log" => undefined,
"oc.log" => undefined,
"oc.log.1" => undefined,
"oc.log.2" => undefined,
"oc.log.3" => undefined,
"server.log" => undefined
},
"logger" => {
"com.arjuna" => undefined,
"io.jaegertracing.Configuration" => undefined,
"org.jboss.as.config" => undefined,
"sun.rmi" => undefined,
"jacorb" => undefined,
"jacorb.config" => undefined,
"org.reflections" => undefined,
"org.apache.camel" => undefined,
"CACHING_SERVICE" => undefined,
"IDENTITY_SERVICE" => undefined,
"INVENTORY_SERVICE" => undefined,
"PERSISTENCE_SERVICE" => undefined,
"PERFORMANCE_SERVICE" => undefined,
"CLIENT_UPDATES" => undefined,
"SOUTHBOUND_UPDATES" => undefined,
"PLUGIN_SYSTEM" => undefined,
"MOCK_DATA" => undefined,
"GATEWAY_CORE" => undefined,
"OC_CORE" => undefined,
"OC_COMMON" => undefined,
"OC_ACQUISITION" => undefined,
"OC_SCRIPTING" => undefined,
"EXAMPLE_PLUGIN" => undefined,
"OC_BROADVIEW_PLUGIN" => undefined,
"OPENSTACK_PLUGIN" => undefined,
"CONTRAIL_PLUGIN" => undefined,
"ODL_PLUGIN" => undefined,
"NSX_PLUGIN" => undefined,
"OPENVSWITCH_PLUGIN" => undefined,
"ACI_PLUGIN" => undefined,
"BVIEW_PLUGIN" => undefined,
"ONE28T_PLUGIN" => undefined,
"SILVERPEAK_PLUGIN" => undefined,
"NUAGE_PLUGIN" => undefined,
"NSXT_PLUGIN" => undefined,
"REST_API" => undefined,
"MERAKI_PLUGIN" => undefined,
"VIPTELA_PLUGIN" => undefined,
"VERSA_PLUGIN" => undefined,
"VSPHERE_PLUGIN" => undefined,
"AWS_PLUGIN" => undefined,
"VELOCLOUD_PLUGIN" => undefined,
"AGGREGATION_SERVICE" => undefined,
"NOTIFICATION_PERSISTENCE_SERVICE" => undefined,
"NOTIFICATION_SERVICE" => undefined,
"FLOW_SERVICE" => undefined,
"ERROR_LOGGER" => undefined,
"org.hornetq.jms" => undefined,
"org.hornetq.core.server" => undefined,
"org.jboss.logging" => undefined
},
"logging-profile" => undefined,
"pattern-formatter" => {
"PATTERN" => undefined,
"COLOR-PATTERN" => undefined,
"GATEWAY_LOGGING_PATTERN" => undefined
},
"periodic-rotating-file-handler" => undefined,
"periodic-size-rotating-file-handler" => undefined,
"root-logger" => {"ROOT" => undefined},
"size-rotating-file-handler" => {
"FILE" => undefined,
"GATEWAY_LOGGER" => undefined,
"OC_LOGGER" => undefined,
"GATEWAY_ERROR_LOGGER" => undefined
},
"socket-handler" => undefined,
"syslog-handler" => undefined,
"xml-formatter" => undefined
}
}
Feedback
