Are the WAS DefaultApplication and the ivtApp used in a Jazz production environment?
Our Company internal security scan agent has complained about
"The web server is affected by multiple information disclosure vulnerabilities" for our ClearQuest server, because of the WebSphere "DefaultApplication", installed by default on profile creation.
Because all of our Jazz servers also have this "DefaultApplication" installed, I think the same issue will also pop up for Jazz.
See also http://www.nessus.org/plugins/index.php?view=single&id=62738 and Technote from IBM http://www-01.ibm.com/support/docview.wss?uid=swg21599361
Is there any issue if we remove the "DefaultApplication", except for some troubleshooting that can no longer be done?
Additional: What is the "ivtApp" for? Can we also remove this, or at least remove it from the plugin-cfg.xml or change its context root, so the scanner does not find it?
Maybe the technote could be enhanced to also mention Jazz-based products and not only ClearQuest.
Accepted answer
You can safely remove the DefaultApplication and ivtApp applications installed from WAS profile creation. Jazz does not need them. They are helpful in the beginning of the Jazz server setup to verify your web server and app server (and reverse proxy server). It is highly recommended to remove them from your production server after the server is installed and configured to be used as a production server.
The ivt one is used by "firststeps" of the WAS product to do installation verification.
When you create the WAS profile, you had a choice not to install "Sample application". If you deselected that component, the apps won't be installed.
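An added example, not part of the original answer or of IBM's documentation: a check that reports whether the web server plug-in still routes requests to the two sample applications named in this thread. The URI patterns are assumed from a default WAS profile (confirm them against your own plugin-cfg.xml), the XML fragment is constructed, and `find_sample_app_routes` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Stock URI patterns of the WAS sample apps (assumption based on a default
# profile; confirm against your own plugin-cfg.xml before relying on it).
SAMPLE_URIS = {
    "/snoop/*": "DefaultApplication",
    "/hello": "DefaultApplication",
    "/hitcount": "DefaultApplication",
    "/ivt/*": "ivtApp",
}

# Constructed plugin-cfg.xml fragment, not taken from a real server.
SAMPLE_PLUGIN_CFG = """<Config>
  <UriGroup Name="default_host_server1_URIs">
    <Uri Name="/snoop/*"/>
    <Uri Name="/hello"/>
    <Uri Name="/hitcount"/>
    <Uri Name="/ivt/*"/>
    <Uri Name="/ccm/*"/>
    <Uri Name="/jts/*"/>
  </UriGroup>
  <UriGroup Name="unrouted_URIs">
    <Uri Name="/snoop/*"/>
  </UriGroup>
  <Route ServerCluster="server1_Cluster"
         UriGroup="default_host_server1_URIs"
         VirtualHostGroup="default_host"/>
</Config>
"""

def find_sample_app_routes(plugin_cfg_xml):
    """Return sorted (uri_group, uri, app) tuples for sample-app URIs
    that at least one Route element still forwards to the app server."""
    root = ET.fromstring(plugin_cfg_xml)
    routed = {route.get("UriGroup") for route in root.iter("Route")}
    findings = []
    for group in root.iter("UriGroup"):
        if group.get("Name") not in routed:
            continue  # group is defined but no Route forwards it
        for uri in group.iter("Uri"):
            app = SAMPLE_URIS.get(uri.get("Name"))
            if app:
                findings.append((group.get("Name"), uri.get("Name"), app))
    return sorted(findings)

if __name__ == "__main__":
    for group, uri, app in find_sample_app_routes(SAMPLE_PLUGIN_CFG):
        print(f"{app}: {uri} is still routed via UriGroup {group}")
```

An empty result on the regenerated plugin-cfg.xml is a quick confirmation, before the next scan, that the web server no longer forwards those paths.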