01-13-2016 03:52 AM
This is a rather general question. There is a security bug which affects the JBOSS-Servers (check: https://bugzilla.redhat.com/show_bug.cgi?id=1279330). A lot of SAS-Webapplications are using JBOSS, i wonder what effect this may have on these applications.
01-14-2016 08:15 AM
please take a look at the folllowing link. Is this what you are looking for?
01-15-2016 04:18 AM
yes this is exatctly the issue but the link does not show any solution. It is just a notification that sas knows about the issue.
Anyhow...I am not really sure if this is a SAS responsibility or if the people behind JBoss must act here?
01-14-2016 11:20 AM
I highly recommend reading through this note if it applies to your version of JBoss:
It's an older vulnerability with a poorly secured JMX console. Although you should be ok if you're running on an internal network and/or non-standard port, you should exercise extreme caution if you're running a publically accessible SAS server without a reverse proxy. I've had to chase a couple of trojans down, it's not fun. The fix in that link is relatively straightforward.
Hope this helps.