Apache Log4j 1.X Detected on Symantec VIP Enterprise Gateway 9.9.2 or later

Article ID: 235109

Products

VIP Service

Issue/Introduction

A vulnerability scan reports "EOL/Obsolete Software: Apache Log4j 1.X Detected" against VIP EG 9.9.2.

Environment

VIP Enterprise Gateway

Cause

Certain VIP EG files can trigger a false-positive log4j finding because they contain an unused classpath reference to an "\ext\log4j-1.2.17.jar" file that does not exist on the system:

wrapper.java.classpath.1=..\bin\wrapper.jar
wrapper.java.classpath.2=..\ext\engine.jar
wrapper.java.classpath.3=..\ext\commons-logging-1.2.jar
wrapper.java.classpath.4=..\ext\log4j-1.2.17.jar
wrapper.java.classpath.5=..\ext\license.jar
wrapper.java.classpath.6=..\ext\jersey-apache-client-1.17.1.jar

The reference to ext\log4j-1.2.17.jar may be seen in the following files:

<Location where VIP Enterprise Gateway is installed>\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\wrapper1.conf
<Location where VIP Enterprise Gateway is installed>\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\wrapper2.conf
<Location where VIP Enterprise Gateway is installed>\VIP_Enterprise_Gateway\IDP\services\VIPMGR\conf\wrapper.conf
<Location where VIP Enterprise Gateway is installed>\VIP_Enterprise_Gateway\IDP\services\VIPSSP\conf\wrapper.conf

Additionally, log4j-1.2.17.jar files and references may also exist in backup (.bak) files created by the VIP EG installer during an upgrade so that the upgrade can be rolled back (for example, VIP_Enterprise_Gateway9.9.2.bak). These backup files can safely be deleted without affecting VIP EG functionality. Do not delete the active VIP_Enterprise_Gateway installation folder.
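To triage such a scanner hit before applying the hot fix, this added Python example (not Broadcom's code) parses the wrapper .conf classpath entries and reports whether each referenced log4j 1.x jar actually exists on disk, separating a dangling reference (false positive) from a jar that is really present. It assumes relative classpath entries resolve against the conf file's directory; the sample conf text and directory layout are constructed for the demonstration.

```python
import re
import tempfile
from pathlib import Path

# Java Service Wrapper classpath entry, e.g. wrapper.java.classpath.4=..\ext\log4j-1.2.17.jar
CLASSPATH_RE = re.compile(r"^\s*wrapper\.java\.classpath\.\d+\s*=\s*(.+?)\s*$")
LOG4J1_RE = re.compile(r"log4j-1\.[\d.]+\.jar$", re.IGNORECASE)

def log4j_refs(conf_path):
    """Return (entry, resolved_path, exists) for each log4j 1.x classpath entry in a wrapper .conf."""
    conf_path, found = Path(conf_path), []
    for line in conf_path.read_text(encoding="utf-8", errors="replace").splitlines():
        m = CLASSPATH_RE.match(line)
        if not m or not LOG4J1_RE.search(m.group(1)):
            continue
        # Assumption: relative entries resolve against the conf file's directory (the ..\ext layout
        # shown above); backslashes are normalised so the same check also runs on Linux.
        resolved = (conf_path.parent / m.group(1).replace("\\", "/")).resolve()
        found.append((m.group(1), str(resolved), resolved.is_file()))
    return found

def triage(conf_paths):
    """Verdict per conf: 'present' (a referenced jar exists), 'false-positive' (all dangling), 'none'."""
    verdicts = {}
    for conf in conf_paths:
        refs = log4j_refs(conf)
        if not refs:
            verdicts[str(conf)] = "none"
        elif any(exists for _, _, exists in refs):
            verdicts[str(conf)] = "present"
        else:
            verdicts[str(conf)] = "false-positive"
    return verdicts

# Constructed sample mirroring the classpath block quoted in the article (not taken from an install).
SAMPLE_CONF = r"""wrapper.java.classpath.2=..\ext\engine.jar
wrapper.java.classpath.4=..\ext\log4j-1.2.17.jar
wrapper.java.classpath.5=..\ext\license.jar
"""

def check_fixture(jar_present):
    """Build a throwaway conf/ + ext/ layout and return the verdict for its wrapper.conf."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "conf").mkdir(); (root / "ext").mkdir()
        conf = root / "conf" / "wrapper.conf"
        conf.write_text(SAMPLE_CONF, encoding="utf-8")
        if jar_present:  # simulate the jar really being on disk
            (root / "ext" / "log4j-1.2.17.jar").write_bytes(b"PK\x03\x04")
        return triage([conf])[str(conf)]
```

Run `triage()` over the four wrapper .conf paths listed above on a real server; a "present" verdict means the jar is actually deployed and the finding is not a false positive.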

Resolution

VIP EG 9.9.2 only (the fixed files are already included in 9.10 and later):

  1. Download the attached VIP_EG992_BRCMVIP-1746_HotFix.zip and extract the contents to a temporary location on the server (for example, /opt/temp/ on Linux or c:\temp on Windows).
  2. Log in to the VIP EG Console and stop all running services.
  3. Stop the VIP Enterprise Gateway service from the Windows or Linux services and confirm all other VIP EG services are stopped.
  4. Delete the following files (some files may not exist if the service is not in use):
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\wrapper1.conf and wrapper2.conf
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\IDP\services\SSP\conf\wrapper.conf
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\IDP\services\VIPMGR\conf\wrapper.conf
  5. Make a backup of the following files:
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\server\webapps\vipconsole.war
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\server\ext\engine.jar
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\server\ext\ldapsync.jar
      • \Program Files (x86)\Symantec\VIP_Enterprise_Gateway\version.txt
  6. From the temporary directory where you extracted the file contents:
      • Copy vipconsole.war to \VIP_Enterprise_Gateway\server\webapps
      • Copy engine.jar to \VIP_Enterprise_Gateway\server\ext
      • Copy ldapsync.jar to \VIP_Enterprise_Gateway\server\ext
      • Copy version.txt to the \VIP_Enterprise_Gateway folder
  7. Restart the VIP Enterprise Gateway service.
  8. Log in to the VIP EG console and start all required services. The wrapper .conf files will be recreated as each service starts.

VIP EG 9.10 and later:

  1. Stop the VIP Enterprise Gateway service, the VIP Manager IdP service, the Self-Service Portal IdP service, and/or all LDAP sync services.
  2. Delete the following files (some files may not exist if the service is not in use):
      • \Program Files\Symantec\VIP_Enterprise_Gateway\LdapSync\services\ldapSync\conf\wrapper1.conf and wrapper2.conf
      • \Program Files\Symantec\VIP_Enterprise_Gateway\IDP\services\SSP\conf\wrapper.conf
      • \Program Files\Symantec\VIP_Enterprise_Gateway\IDP\services\VIPMGR\conf\wrapper.conf
  3. Restart the VIP Enterprise Gateway service.
  4. Log in to the VIP EG console and start the services stopped in step 1. The wrapper .conf files will be recreated as each service starts.

VIP EG 9.11 and later:

No manual hot fix is needed for this version, as the affected libraries have been updated.

Attachments

VIP_EG992_BRCMVIP-1746_HotFix_1645414126998.zip