Users uploading vulnerabilities through the mar file upload
search cancel

Users uploading vulnerabilities through the mar file upload

book

Article ID: 249023

calendar_today

Updated On:

Products

Service Virtualization

Issue/Introduction

Our DevTest servers are continuously being scanned for vulnerabilities because our users can upload certs with the mar upload.

Many of these certs can be expired and when uploaded, reside on the DevTest directory: D:\apps\DevTest\CA\DevTest\lisatmp_10.7.2\

Once on the server, Qualys scans flag the server for having expired certificate vulnerabilities.

Please help to resolve this as we cannot control our users and the fact that they upload expired certs.

Environment

Release : 10.7.2

Component : DevTest Vulnerability

Cause

Expired certs in mar files  need to be removed. 

Resolution

Here are some suggestions. 

Option 1:

Every time you have a restart,  delete the lisatmp_10.7.2  folder..  That would clear the expired jks files in lisatmp/lads folder

Option 2:

Go to the project in DEVTEST folder,  and delete all the JKS files that is expired   

Then redeploy those VSM's using an API. 

This should clear it permanently.