Vulnerabilities found under RQM v2.0.1.1
Hi
Are there any known vulnerabilities reported with reference to RQM v2.0.1.1 and the Apache Tomcat that is shipped with RQM?
Following are a few vulnerabilities that were found under RQM after a scan was done.
1) X.509 Server Certificate Is Invalid/Expired
2) Apache Tomcat default installation/welcome page installed
3) MD5-based Signature in TLS/SSL Server X.509 Certificate
Thanks
Comments
Rajesh Avanthi
Mar 18 '13, 12:19 a.m.
Inputs, if any, on the above question, please?
Kevin Ramer
Mar 18 '13, 4:20 p.m.
1) Buy a signed SSL certificate or, if your company permits, use a self-signed one
2) Delete all the directories under webapps (except the jazz, jazz.war)
3) Edit the connector definition in conf/server.xml with a ciphers= entry. e.g.
ciphers="TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"
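An added example, not part of the original thread and not IBM or Tomcat tooling: a Python check that reads a Tomcat server.xml, finds the HTTPS connectors, and reports which entries in ciphers= use RC4, MD5, 3DES or other weak primitives, or that no ciphers= attribute is set. The sample server.xml, its port numbers and the `audit_connectors` name are assumptions; only the ciphers value is taken from the reply above.

```python
import xml.etree.ElementTree as ET

# Suite-name tokens treated as weak. "MD5" here is the record MAC of a cipher
# suite; the signature hash of the X.509 certificate is a separate property.
WEAK_TOKENS = {
    "RC4": "RC4 stream cipher (prohibited in TLS by RFC 7465)",
    "MD5": "MD5-based MAC",
    "3DES": "3DES (64-bit block cipher)",
    "DES": "single DES",
    "NULL": "no encryption",
    "EXPORT": "export-grade key size",
    "anon": "unauthenticated key exchange",
}

# ciphers= value quoted from the reply above.
REPLY_CIPHERS = (
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,"
    "SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,"
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA"
)
# Constructed sample server.xml (ports and other attributes are assumptions).
SAMPLE_SERVER_XML = f"""<Server><Service name="Catalina">
  <Connector port="9443" scheme="https" secure="true" ciphers="{REPLY_CIPHERS}"/>
  <Connector port="9080" protocol="HTTP/1.1"/>
</Service></Server>"""

def audit_connectors(server_xml):
    """Return {port: {suite_or_note: [reasons]}} for each HTTPS Connector."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        is_tls = (conn.get("scheme", "").lower() == "https"
                  or conn.get("SSLEnabled", "").lower() == "true")
        if not is_tls:
            continue
        port, ciphers = conn.get("port", "?"), conn.get("ciphers")
        if not ciphers:
            findings[port] = {"(no ciphers attribute)": ["JVM default suites in use"]}
            continue
        weak = {}
        for suite in (s.strip() for s in ciphers.split(",") if s.strip()):
            reasons = [why for tok, why in WEAK_TOKENS.items() if tok in suite.split("_")]
            if reasons:
                weak[suite] = reasons
        findings[port] = weak
    return findings

if __name__ == "__main__":
    print(audit_connectors(SAMPLE_SERVER_XML))
```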