CA Common Components JRE 1.5 vulnerability.
search cancel

CA Common Components JRE 1.5 vulnerability.

book

Article ID: 94183

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent

Issue/Introduction



The Security team ran a scan on the CA WAAE and CA WCC Servers. The Java 1.5 in the /opt/CA/SharedComponents/JRE showed up on their list. Can we remove or upgrade this JRE 1.5 to a supported release?

Environment

CA WAAE/WCC 11.3.5/11.3.6/11.4 with any of the CA Common Components (CCI, Event Management, Embedded Entitlements Manager) installed. All supported Linux operating System.

Resolution

The CA-diadna is consuming JRE 1.5 (/opt/CA/SharedComponents/JRE/1.5.0_11). CA-diadna is not required by CA CCI, Event Management and Embedded Entitlements Manager so it is safe to disable its start up during system reboot. The following command will disable CA-diadna from automatic startup: `unisrvcntr register -D CA-diadna`. This will stop the JRE 1.5 usage.

However, if you want to remove JRE 1.5 altogether, then perform the following steps as root user:

1. Stop the CA-diadna service
# cd $CASHCOMP/ccs/dia/dna/bin
# ./dnacntl stop

2. Check CA-diadna service is stopped (CA-diadna shows inactive):
# ustat

3. Confirm that no process is using the JRE 1.5
# lsof +D '/opt/CA/SharedComponents/JRE/'

4. Backup the CAdiadna startup script and de-register it from startup list.
# cp -p /etc/init.d/CA-diadna /opt/CA/SharedComponents/tmp/
# unisrvcntr register -D CA-diadna
# ustat

Note: ustat should not list CA-diadna at this point.

5. Remove CA DIA-DNA and JRE 1.5 packages
# cd
# rpm -e ca-cs-dia-dna-11.2.11350-1254.i586
# rpm -e ca-cs-jre-1.5.0-11.i386

As for upgrading the JRE to a later release, CA has NOT tested or certified CA-diadna component with other JRE releases and hence upgrading is not a supported option.