UIMA-5636

UIMA-DUCC: restrict JMX access when running with older java


Details

    • Improvement
    • Status: Closed
    • Trivial
    • Resolution: Fixed
    • None
    • 2.2.2-Ducc
    • DUCC
    • None

    Description

      Older Java versions contain a JMX-related security vulnerability, as described by CVE-2016-3427. DUCC processes run with JMX enabled by default, and the Java vulnerability can be exploited.
      The main fix is to run with a newer Java. These are the versions of Java that contain the fix:

      IBM - 1.7.0.9.40, 1.7.1.3_40, 1.8.0.3.0
      Oracle (Sun) - 1.7.0_101+, 1.8.0_91+
      Java 9 (Oracle & IBM)

      DUCC code should introspect the Java version at runtime and lock down JMX when running with a version that is known to have the vulnerability. External JMX access should not be allowed.
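
One way to make the runtime check described above, as an added example that is not DUCC's own code: it compares `java.vendor` and `java.version` against the Oracle thresholds listed in this issue and treats anything it cannot classify as needing restriction. The class and method names are hypothetical, and the IBM service levels are not parsed here, so IBM runtimes that report a legacy `1.x` version string fall into the restricted case (an assumption of this example).

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

// Added example, not DUCC code. Decides whether external JMX access must be
// restricted, using the Oracle fix levels listed in this issue.
public class JmxVersionGate {
    // Legacy scheme: 1.<major>.<minor>[_<update>], e.g. "1.8.0_91", "1.7.0_80-b15".
    private static final Pattern LEGACY =
        Pattern.compile("^1\\.(\\d{1,2})\\.\\d+(?:_(\\d{1,4}))?.*$");
    // Java 9+ scheme: "9", "9.0.4", "11.0.2", "17-ea".
    private static final Pattern MODERN =
        Pattern.compile("^(\\d{1,3})(?:[.+-].*)?$");

    /** Returns true when the runtime is not known to contain the fix. */
    static boolean mustRestrictJmx(String vendor, String version) {
        if (vendor == null || version == null) return true;   // fail closed
        Matcher m = LEGACY.matcher(version);
        if (m.matches()) {
            // Assumption: only Oracle update numbers are compared; other
            // vendors on the legacy scheme are restricted rather than guessed.
            if (!vendor.contains("Oracle")) return true;
            int major = Integer.parseInt(m.group(1));
            int update = m.group(2) == null ? 0 : Integer.parseInt(m.group(2));
            if (major == 7) return update < 101;   // fixed in 1.7.0_101+
            if (major == 8) return update < 91;    // fixed in 1.8.0_91+
            return true;                           // no fixed level listed
        }
        m = MODERN.matcher(version);
        // Java 9 and later contain the fix; unparseable strings are restricted.
        return !(m.matches() && Integer.parseInt(m.group(1)) >= 9);
    }

    public static void main(String[] args) {
        String[][] samples = {   // constructed sample inputs
            {"Oracle Corporation", "1.7.0_80"},
            {"Oracle Corporation", "1.8.0_91"},
            {"IBM Corporation", "1.8.0"},
            {"Oracle Corporation", "9.0.4"},
        };
        for (String[] s : samples)
            System.out.printf("%-20s %-10s restrict=%b%n",
                s[0], s[1], mustRestrictJmx(s[0], s[1]));
        System.out.println("this JVM: restrict=" + mustRestrictJmx(
            System.getProperty("java.vendor"), System.getProperty("java.version")));
    }
}
```

A caller would evaluate this before any JMX connector is started and, when it returns true, avoid exposing the connector to remote hosts.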

          People

            cwiklik Jaroslaw Cwiklik