Jerry Cwiklik created UIMA-5636:
-----------------------------------
Summary: UIMA-DUCC: restrict JMX access when running with older java
Key: UIMA-5636
URL: https://issues.apache.org/jira/browse/UIMA-5636
Project: UIMA
Issue Type: Improvement
Components: DUCC
Reporter: Jerry Cwiklik
Assignee: Jerry Cwiklik
Fix For: 2.2.2-Ducc
Older Java versions contain a JMX-related security vulnerability, as described
by CVE-2016-3427. DUCC processes run with JMX enabled by default, and the Java
vulnerability can be exploited.
The main fix is to run with a newer Java. These are the versions of Java that
contain the fix:
IBM - 1.7.0.40, 1.7.1.3_40, 1.8.0.3.0
Oracle (Sun) - 1.7.0_101+, 1.8.0_91+
Java 9 (Oracle & IBM)
DUCC code should introspect the Java version at runtime and lock down JMX when
running with a version that is known to have the vulnerability. External JMX
access should not be allowed.
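One way the runtime check described in the issue could look, as an added example that is not DUCC code or the reporter's patch. The class and method names are hypothetical. It assumes that Oracle/Sun builds report the `1.<major>.0_<update>` form in `java.version`, that releases after Java 9 also carry the fix, and that IBM builds below Java 9 are treated as unverified, because this sketch does not map the IBM fix levels listed above to a runtime property.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class JmxVersionGate {
    // Legacy scheme "1.<major>.<minor>[_<update>]", e.g. "1.8.0_77", "1.7.0_101-b14".
    private static final Pattern LEGACY =
        Pattern.compile("^1\\.(\\d{1,2})\\.\\d{1,2}(?:_(\\d{1,4}))?(?:[^\\d].*)?$");
    // Java 9+ scheme starts with the major number, e.g. "9", "9.0.4", "11.0.2+9".
    private static final Pattern MODERN = Pattern.compile("^(\\d{1,3})(?:[^\\d].*)?$");

    /** True only when the runtime is known to carry the CVE-2016-3427 fix. */
    static boolean hasJmxFix(String vendor, String version) {
        if (vendor == null || version == null) return false;    // fail closed
        Matcher legacy = LEGACY.matcher(version.trim());
        if (legacy.matches()) {
            boolean oracle = vendor.contains("Oracle") || vendor.contains("Sun");
            if (!oracle) return false;  // assumption: IBM fix levels are not mapped here
            int major = Integer.parseInt(legacy.group(1));
            int update = legacy.group(2) == null ? 0 : Integer.parseInt(legacy.group(2));
            if (major == 7) return update >= 101;   // Oracle 1.7.0_101+
            if (major == 8) return update >= 91;    // Oracle 1.8.0_91+
            return false;                           // Java 6 and older
        }
        Matcher modern = MODERN.matcher(version.trim());
        // Java 9 (Oracle & IBM); anything unparseable stays locked down.
        return modern.matches() && Integer.parseInt(modern.group(1)) >= 9;
    }

    public static void main(String[] args) {
        String vendor = System.getProperty("java.vendor");
        String version = System.getProperty("java.version");
        System.out.println("this JVM: " + vendor + " " + version + " -> external JMX "
            + (hasJmxFix(vendor, version) ? "permitted" : "locked down"));

        // Constructed sample inputs, not taken from any DUCC deployment.
        String[][] samples = {
            {"Oracle Corporation", "1.8.0_77"}, {"Oracle Corporation", "1.8.0_91"},
            {"Oracle Corporation", "1.7.0_101-b14"}, {"Sun Microsystems Inc.", "1.6.0_45"},
            {"IBM Corporation", "1.8.0"}, {"IBM Corporation", "9.0.4"}, {"Unknown", "n/a"}
        };
        for (String[] s : samples) {
            System.out.println(s[0] + " " + s[1] + " -> "
                + (hasJmxFix(s[0], s[1]) ? "fix present" : "lock down JMX"));
        }
    }
}
```

The check fails closed: a version string it cannot parse, or a vendor it cannot verify, is treated the same as a known-vulnerable runtime.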