Vulnerability scan of VIOM reports root ownership of Apache Tomcat files and directories.


Article ID: 100061995


Description

Error Message

The exact message varies with the vulnerability scanner used to scan VIOM, but such messages may indicate a file owned by root that has executable permissions.

Cause

Vulnerability scanners flag these Apache Tomcat files as a possible vulnerability because they are owned by root and have executable permissions.

Resolution

The noted condition highlighted in this scan is resolved with VIOM 8.0.2 Patch 320.

The fix changes ownership of these files from root to a dedicated tomcat user and then cleans up the permissions on them.

Please upgrade to VIOM 8.0.2.320 or later to implement the required changes.
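
To confirm after upgrading that the ownership and permission change took effect, the Tomcat tree can be audited with a script like the one below. This is an added example, not Veritas code: the owner name passed as the second argument is an assumption (the article does not name the account), the three conditions it flags are this example's choice, and GNU find is required.

```shell
#!/bin/sh
# Added example: audit ownership and mode bits under the VIOM Tomcat tree.
# Usage: sh audit_tomcat.sh /opt/VRTSsfmcs/webgui/tomcat tomcat
#   The owner name "tomcat" is an assumption; pass the account your install uses.
# Requires GNU find (-printf). Paths containing newlines are not supported.

# audit_tomcat_tree DIR EXPECTED_OWNER
# Prints one line per finding: "<REASON> <owner> <octal-mode> <path>"
#   OWNER      entry is not owned by EXPECTED_OWNER
#   WRITABLE   entry is group- or world-writable
#   ROOT_EXEC  regular file owned by root with any execute bit set
audit_tomcat_tree() {
    dir=$1
    expected=$2
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    # -P: do not follow symlinks; skip the links themselves (their mode is not meaningful)
    find -P "$dir" ! -type l -printf '%u %m %y %p\n' |
    awk -v want="$expected" '{
        owner = $1; type = $3
        mode = sprintf("%04d", $2)              # pad so digits line up: s u g o
        path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path)   # keep spaces in paths
        u = substr(mode, 2, 1); g = substr(mode, 3, 1); o = substr(mode, 4, 1)
        if (owner != want)
            print "OWNER", owner, $2, path
        if (g ~ /[2367]/ || o ~ /[2367]/)
            print "WRITABLE", owner, $2, path
        if (owner == "root" && type == "f" && (u g o) ~ /[1357]/)
            print "ROOT_EXEC", owner, $2, path
    }'
}

# Run only when both arguments are supplied on the command line.
if [ "$#" -ge 2 ]; then
    audit_tomcat_tree "$1" "$2"
fi
```

No output means none of the three conditions was found under the directory.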

 

 

Issue/Introduction

Vulnerability scanners detect a possible issue in Veritas InfoScale Operations Manager (VIOM) installations on Linux: files and directories located at /opt/VRTSsfmcs/webgui/tomcat/ have root ownership and open permissions. These are the Apache Tomcat files associated with the VIOM webserver.

Additional Information

JIRA: STESC-8434