It's all about the answers!

Ask a question
QuestionsTagsUsersBadges
Guidelines | FAQ
Follow this question
Question details

×10,946
×4,710

question asked: Mar 15 '13, 3:07 a.m.
question was seen: 3,828 times
last updated: Mar 18 '13, 4:20 p.m.

Related questions

Vulnerabilities found under RQM v2.0.1.1

0
Rajesh Avanthi (10815145173) | asked Mar 15 '13, 3:07 a.m.
Hi

Is there any know vulnerabilities reported with reference to RQM v2.0.1.1 and Apache Tomcat that is shipped with RQM.

Following are a few vulnerabilities that are found under RQM after a scan process done.

1) X.509 Server Certificate Is Invalid/Expired
2) Apache Tomcat default installation/welcome page installed
3) MD5-based Signature in TLS/SSL Server X.509 Certificate

Thanks




Comments
Rajesh Avanthi commented Mar 18 '13, 12:19 a.m.

Inputs if any on the above question, please ??

Kevin Ramer commented Mar 18 '13, 4:20 p.m.

1) buy a signed SSL certificate or if your company permits, use self-signed
2) Delete all the directories under webapps (except the jazz, jazz.war)
3) Edit the connector definition in conf/server.xml with a ciphers= entry.  e.g.

ciphers="TLS_DHE_RSA_WITH_AES_12
8_CBC_SHA,SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128
_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA"

One answer

Most liked answers ↑|Newest answers|Oldest answers

0
permanent link
Ara Masrof (3.2k15) | answered Mar 18 '13, 4:00 p.m.
JAZZ DEVELOPER
 Rajesh,
You can identify the version of Tomcat you have installed by running the version command from within the "...server\tomcat\bin" folder
Once you have the version you can perform a search on "tomcat.apache.org" for the vulnerabilities for that specific version


Ara
 

Your answer

Register or to post your answer.


Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.