Saturday, August 5, 2023

vulnerabilities by Qualys report

A Qualys scan reports a huge number of vulnerabilities on our EBS R12.2.10 servers, on which the JDK had already been upgraded to 1.7.0_331. Fixing them became a priority task for us because of a corporate security requirement.

$ $ADJVAPRG -version
java version "1.7.0_331"
Java(TM) SE Runtime Environment (build 1.7.0_331-b06)
Java HotSpot(TM) Server VM (build 24.331-b06, mixed mode)

$ $AFJVAPRG -version
java version "1.7.0_331"
Java(TM) SE Runtime Environment (build 1.7.0_331-b06)
Java HotSpot(TM) 64-Bit Server VM (build 24.331-b06, mixed mode)

Some of the vulnerabilities can be addressed by applying the latest CPU patches and upgrading the JDK and JRE (see details).

Vulnerabilities were also reported for these Java binaries, which are not covered by the JDK upgrade:

$COMMON_TOP/clone/FMW/t2pjdk/bin/java 1.7.0_85-b15 Enhanced
$COMMON_TOP/clone/FMW/t2pjdk/jre/bin/java 1.7.0_85-b15 Enhanced
(It is safe to delete the two folders above because they are recreated by an adpreclone.pl run.)
$COMMON_TOP/clone/jre/bin/java 1.7.0_331-b06 Enhanced
(This one is not in a JDK folder, so a JDK upgrade will not fix it. It may also be recreated by an adpreclone.pl run.)
$COMMON_TOP/adopclone_nodeName/FMW/t2pjdk/jre/bin/java 1.7.0_85-b15 Enhanced
$COMMON_TOP/adopclone_nodeName/FMW/t2pjdk/bin/java 1.7.0_85-b15 Enhanced
$COMMON_TOP/adopclone_nodeName/jre/bin/java 1.7.0_85-b15 Enhanced
($COMMON_TOP/adopclone_nodeName may be created or updated by an ADOP run such as fs_clone; nodeName is the EBS host on which ADOP (or adpreclone.pl?) ran.)
$APPL_TOP/msc/12.0.0/bin/SNO/scp/12.2/sno/installer_jre/bin/java 1.6.0_12-b04 Enhanced
$APPL_TOP/msc/12.0.0/bin/PS/scp/12.2/ps/jre/bin/java 1.8.0_92-b14 Enhanced

Oracle Support confirmed that they can be deleted and that some of them will be recreated the next time adpreclone.pl is run. I wrote a script to remove them on the RUN file system (and then on the PATCH file system too, or else run FS_CLONE).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/sh
# delete Java files for vulnerabilities by Qualys report
# Every cd is checked: if a folder does not exist on this node, it is
# skipped instead of running "rm -f java" in whatever directory the
# script happens to be in.

curr=$(pwd)
echo "current path: $curr"

# show and remove the java binary in one folder; the folder may be absent
remove_java() {
  if cd "$1"; then
    pwd
    ls -al java
    rm -f java
  else
    echo "skip, folder not found: $1"
  fi
}

remove_java $COMMON_TOP/clone/FMW/t2pjdk/bin
remove_java $COMMON_TOP/clone/FMW/t2pjdk/jre/bin
remove_java $COMMON_TOP/clone/jre/bin
remove_java $APPL_TOP/msc/12.0.0/bin/SNO/scp/12.2/sno/installer_jre/bin
remove_java $APPL_TOP/msc/12.0.0/bin/PS/scp/12.2/ps/jre/bin

# loop folder(s) $COMMON_TOP/adopclone_* (the glob itself is returned when
# nothing matches, hence the directory test)
for x in $COMMON_TOP/adopclone_*
do
  [ -d "$x" ] || continue
  echo "Under path: $x"
  remove_java $x/jre/bin
  remove_java $x/FMW/t2pjdk/jre/bin
  remove_java $x/FMW/t2pjdk/bin
done

cd $curr
exit
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
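Because some of these folders come back after adpreclone.pl or fs_clone, a follow-up check is useful: walk $COMMON_TOP and $APPL_TOP, ask every java binary for its version, and flag anything that is not the expected JDK build. This is an added example, not the post's own script; the demo tree, its fake java scripts and their version numbers are constructed, and the version parsing assumes the first line of `java -version` carries the version in double quotes, as in the output shown above.

```shell
#!/bin/sh
# Post-cleanup check (added example): list every "java" executable under
# the given roots, read its version and flag any that is not the expected
# build. On a real EBS node run it as
#   java_inventory 1.7.0_331 "$COMMON_TOP" "$APPL_TOP"

# Prints one line per binary: <path> <version> <ok|STALE>
java_inventory() {
    expected="$1"; shift
    find "$@" -type f -name java -path '*/bin/java' 2>/dev/null | sort |
    while IFS= read -r bin; do
        # "java -version" writes to stderr; take the quoted token on line 1
        ver=$("$bin" -version 2>&1 | sed -n '1s/.*"\([^"]*\)".*/\1/p')
        [ -n "$ver" ] || ver=unknown
        if [ "$ver" = "$expected" ]; then status=ok; else status=STALE; fi
        printf '%s %s %s\n' "$bin" "$ver" "$status"
    done
}

# Number of binaries whose version differs from the expected one
stale_count() {
    java_inventory "$@" | awk '$NF == "STALE" { n++ } END { print n + 0 }'
}

# Constructed stand-in for $COMMON_TOP: fake "java" scripts that only
# answer -version, laid out like the paths the scan reported on this page
make_demo_tree() {
    root="$1"
    for entry in clone/FMW/t2pjdk/bin:1.7.0_85 \
                 clone/jre/bin:1.7.0_331 \
                 adopclone_host1/jre/bin:1.7.0_85; do
        dir="$root/${entry%%:*}"; ver="${entry##*:}"
        mkdir -p "$dir"
        printf '#!/bin/sh\necho "java version \\"%s\\"" >&2\n' "$ver" > "$dir/java"
        chmod 755 "$dir/java"
    done
}

demo=$(mktemp -d)
make_demo_tree "$demo"
java_inventory 1.7.0_331 "$demo"
echo "stale binaries: $(stale_count 1.7.0_331 "$demo")"   # 2
rm -rf "$demo"
```

Run it once right after the cleanup and again after every adpreclone.pl or fs_clone, since those are the runs that bring the old binaries back.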
