Security Scan reports JDWP Vulnerability in UIM Server

Document ID : KB000005390
Last Modified Date : 14/02/2018
Issue:

Security scans and/or penetration tests of a Unified Infrastructure Management (UIM) environment may indicate that a Java Debug Wire Protocol (JDWP) vulnerability has been detected.

While we have not received any reports of successful exploitation of this vulnerability, security scanners may detect that it exists, preventing a UIM system from passing the scan. In addition, some security management teams may simply detect JDWP and request that it be disabled.

Environment:
Unified Infrastructure Management (UIM) 8.50 or prior
Cause:

In UIM 8.4 and prior, this is the result of specific configuration options on two probes -- baseline_engine and prediction_engine.

In UIM 8.47 and after, it is only in the prediction_engine. (Note: in 8.47 and after, the JDWP issue is fixed in the baseline_engine, so the setting is not found there. For the prediction_engine v1.34 in UIM 8.47 and 8.50, the JDWP argument is now stored in the prediction_engine section of controller.cfg rather than in prediction_engine.cfg.)

Resolution:

To disable the use of Java Debug Wire Protocol (JDWP) in Unified Infrastructure Management (UIM) and allow the system to pass the security scan, apply the following steps.

For UIM 8.42 and earlier -
For each probe (baseline_engine and prediction_engine):

1. Right-click the probe in Infrastructure Manager.

2. From the popup menu, choose "Edit..." which allows you to edit the probe options.

3. In these options look for the "Arguments" field, which will contain a value similar to:

 -agentlib:jdwp=transport=dt_socket,address=55006,server=y,suspend=n -Djava.library.path="../../../lib" -jar lib/BaselineEngine-2.6.0.jar


Remove the following from that line:

 -agentlib:jdwp=transport=dt_socket,address=55006,server=y,suspend=n


So that the field reads:

-Djava.library.path="../../../lib" -jar lib/BaselineEngine-2.6.0.jar

(This example is the baseline_engine -- the prediction_engine will have similar options. Repeat for it.)

4. Once this argument is removed, click OK, and then deactivate/reactivate the probes.

 

For UIM 8.47 and later -
For the prediction_engine probe:

1. Right-click the probe in Infrastructure Manager.

2. From the popup menu, choose "Edit..." which allows you to edit the probe options.

3. In these options look for the "Arguments" field, which will contain a value similar to:

-Dlog4j.configurationFile=log4j2.xml -agentlib:jdwp=transport=dt_socket,address=55005,server=y,suspend=n -Djava.library.path="../../../lib" -jar lib/prediction_engine.jar


Remove the following from that line:

-agentlib:jdwp=transport=dt_socket,address=55005,server=y,suspend=n


So that the field reads:

-Dlog4j.configurationFile=log4j2.xml -Djava.library.path="../../../lib" -jar lib/prediction_engine.jar


4. Once this argument is removed, click OK, and then deactivate/reactivate the probes.
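
To confirm the edit across several probes, the check below parses an "Arguments" value, removes any JDWP agent option while leaving the quoted library path intact, and reports the debug address that was open. It is an added example, not vendor code: the names strip_jdwp and audit are hypothetical, the values are assumed to be pasted in from Infrastructure Manager, and it also covers the legacy -Xrunjdwp: spelling, which goes beyond the form shown above.

```python
import re

# Split on whitespace but keep a quoted section such as
# -Djava.library.path="../../../lib" in one token, quotes intact.
_TOKEN = re.compile(r'(?:[^\s"]|"[^"]*")+')
# -agentlib:jdwp= is the form shown in the article; -Xrunjdwp: is the legacy
# JVM spelling of the same agent (a generalization added by this example).
_JDWP = re.compile(r'^-(?:agentlib:jdwp=|Xrunjdwp:)(.*)$')


def strip_jdwp(arguments):
    """Return (cleaned Arguments value, list of removed JDWP suboption dicts)."""
    kept, removed = [], []
    for token in _TOKEN.findall(arguments):
        match = _JDWP.match(token)
        if match is None:
            kept.append(token)
            continue
        pairs = (p.split("=", 1) for p in match.group(1).split(",") if "=" in p)
        removed.append(dict(pairs))
    return " ".join(kept), removed


def audit(probe_arguments):
    """Map probe name -> debug addresses still opened in listening mode."""
    findings = {}
    for probe, arguments in probe_arguments.items():
        _, removed = strip_jdwp(arguments)
        addresses = [o.get("address", "unspecified") for o in removed
                     if o.get("server") == "y"]
        if addresses:
            findings[probe] = addresses
    return findings


# Arguments values as quoted in the article for the two affected probes.
SAMPLE = {
    "baseline_engine": '-agentlib:jdwp=transport=dt_socket,address=55006,'
                       'server=y,suspend=n -Djava.library.path="../../../lib" '
                       '-jar lib/BaselineEngine-2.6.0.jar',
    "prediction_engine": '-Dlog4j.configurationFile=log4j2.xml '
                         '-agentlib:jdwp=transport=dt_socket,address=55005,'
                         'server=y,suspend=n -Djava.library.path="../../../lib" '
                         '-jar lib/prediction_engine.jar',
}

if __name__ == "__main__":
    for name, value in SAMPLE.items():
        cleaned, _ = strip_jdwp(value)
        print(name, audit({name: value}), "->", cleaned)
```

An empty result from audit() after the probes have been edited and reactivated means no listening JDWP agent remains in the values supplied.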