BookmarkSubscribeRSS Feed
Gkrause
Fluorite | Level 6

Hi Guys!

 

This is a rather general question. There is a security bug which affects the JBOSS-Servers (check: https://bugzilla.redhat.com/show_bug.cgi?id=1279330). A lot of SAS-Webapplications are using JBOSS, i wonder what effect this may have on these applications.

Thanks.

 

Gunnar

3 REPLIES 3
anja
SAS Employee

Hi Gunnar,

 

please take a look at the folllowing link. Is this what you are looking for?

http://support.sas.com/security/Java-deserialization.html

 

Thanks

Anja

Gkrause
Fluorite | Level 6

Hi Anja,

 

yes this is exatctly the issue but the link does not show any solution. It is just a notification that sas knows about the issue.

Anyhow...I am not really sure if this is a SAS responsibility or if the people behind JBoss must act here?

 

Thanks.

Gunnar

boemskats
Lapis Lazuli | Level 10

Hi Gunnar,

 

I highly recommend reading through this note if it applies to your version of JBoss:

 

https://access.redhat.com/solutions/30744

 

It's an older vulnerability with a poorly secured JMX console. Although you should be ok if you're running on an internal network and/or non-standard port, you should exercise extreme caution if you're running a publically accessible SAS server without a reverse proxy. I've had to chase a couple of trojans down, it's not fun. The fix in that link is relatively straightforward.

 

Hope this helps.

 

Nik

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

CLI in SAS Viya

Learn how to install the SAS Viya CLI and a few commands you may find useful in this video by SAS’ Darrell Barton.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 978 views
  • 1 like
  • 3 in conversation