Clickjacking security vulnerability found on the Jetty service that USS uses

Document ID : KB000038688
Last Modified Date : 14/02/2018

Problem: 

A security vulnerability was found on the Jetty service that USS is running.

Environment:  

CA Service Catalog 14.1 

Cause: 

The Jetty service is only used when USS uses web notifications for communities. For security reasons, the Jetty service should be shut down if USS is not using web notifications.

Resolution:

Check the portal-ext.properties file on the USS server and verify whether the following configuration parameter is set to false:

              cometd.enable=false

If the above parameter is set to false, it is confirmed that USS is not using the Web Notifications feature at all, so the Jetty service can be safely shut down.

Note: after the Jetty service is shut down, Communities will continue to work without any problem.
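
A scripted version of the check above, as an added example (not part of the original document or of CA's tooling). It assumes Java-style properties syntax, where a commented-out line is ignored and the last definition of a key wins; the function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Print the effective value of cometd.enable in a properties file:
# "true", "false", another literal value, or "unset" if the key is absent.
cometd_state() {
    file=$1
    [ -r "$file" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/\r$/, "") }                      # tolerate CRLF line endings
        /^[ \t]*[#!]/ { next }                  # skip comment lines
        /^[ \t]*cometd\.enable[ \t]*[=:]/ {
            v = $0
            sub(/^[ \t]*cometd\.enable[ \t]*[=:][ \t]*/, "", v)
            sub(/[ \t]+$/, "", v)               # trim trailing whitespace
            val = tolower(v); found = 1         # last definition wins
        }
        END { print (found ? val : "unset") }
    ' "$file"
}

# Succeeds only when the file explicitly sets cometd.enable=false.
# An absent key is NOT treated as confirmation, because the document
# does not state the default value.
jetty_shutdown_confirmed() {
    [ "$(cometd_state "$1")" = "false" ]
}

# Constructed sample file (not taken from a real USS server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# cometd.enable=true
cometd.enable=true
cometd.enable = false
EOF
echo "cometd.enable is: $(cometd_state "$sample")"
rm -f "$sample"
```

To run it against a server, call `jetty_shutdown_confirmed` with the full path to that server's portal-ext.properties file.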

Additional Information:

If you want to go further by turning off the Communities feature in USS GUI completely, you can check the information here