BookmarkSubscribeRSS Feed
Gkrause
Fluorite | Level 6

Hi Guys!

 

This is a rather general question. There is a security bug which affects the JBOSS-Servers (check: https://bugzilla.redhat.com/show_bug.cgi?id=1279330). A lot of SAS-Webapplications are using JBOSS, i wonder what effect this may have on these applications.

Thanks.

 

Gunnar

3 REPLIES 3
anja
SAS Employee

Hi Gunnar,

 

please take a look at the folllowing link. Is this what you are looking for?

http://support.sas.com/security/Java-deserialization.html

 

Thanks

Anja

Gkrause
Fluorite | Level 6

Hi Anja,

 

yes this is exatctly the issue but the link does not show any solution. It is just a notification that sas knows about the issue.

Anyhow...I am not really sure if this is a SAS responsibility or if the people behind JBoss must act here?

 

Thanks.

Gunnar

boemskats
Lapis Lazuli | Level 10

Hi Gunnar,

 

I highly recommend reading through this note if it applies to your version of JBoss:

 

https://access.redhat.com/solutions/30744

 

It's an older vulnerability with a poorly secured JMX console. Although you should be ok if you're running on an internal network and/or non-standard port, you should exercise extreme caution if you're running a publically accessible SAS server without a reverse proxy. I've had to chase a couple of trojans down, it's not fun. The fix in that link is relatively straightforward.

 

Hope this helps.

 

Nik

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 3 replies
  • 1214 views
  • 1 like
  • 3 in conversation