How To
Summary
A Java JMX agent running on the DOORS Web Access broker host is configured without SSL client and password authentication.
An unauthenticated remote attacker can connect to the JMX agent, and monitor and manage the Java application with the agent enabled.
This article provides instructions on how to disable the JMX agent so that an unauthenticated remote attacker cannot gain access.
Steps
Perform the following steps on the DWA broker host:
1) Navigate to <DWA_Installation_Directory>
2) Stop the running instance of DWA
3) Take a backup of the broker.start.bat file
4) Edit the original broker.start.bat file:
a) Append -Dorg.apache.camel.jmx.disabled=true to the end of the line starting with "set ACTIVEMQ_OPTS="
Change
set ACTIVEMQ_OPTS=-Xmx128M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dorg.apache.activemq.store.kahadb.LOG_SLOW_ACCESS_TIME=1500
To
set ACTIVEMQ_OPTS=-Xmx128M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dorg.apache.activemq.store.kahadb.LOG_SLOW_ACCESS_TIME=1500 -Dorg.apache.camel.jmx.disabled=true
b) Comment out the existing line starting with "set SUNJMX=" by adding "rem" in front of it.
Change
set SUNJMX=-Dcom.sun.management.jmxremote.port=%BROKER_ADMIN_PORT% -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
To
rem set SUNJMX=-Dcom.sun.management.jmxremote.port=%BROKER_ADMIN_PORT% -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
c) Replace the commented-out line with a new SUNJMX setting that disables remote JMX.
Add the following line directly below the commented-out line:
set SUNJMX=-Dcom.sun.management.jmxremote=false
5) Save and close the broker.start.bat file
6) Start DWA instance
The broker startup window displays "INFO | JMX is disabled"
7) Check that DWA and all other components are working correctly
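The following check is an added example, not part of the original IBM article or of DWA. It audits the text of a broker.start.bat file against the end state of step 4, ignoring lines commented out with "rem". The function names and the two sample inputs are constructed for illustration.

```python
import re
import sys

# Constructed samples: the variable lines as shown under "Change" and "To" in step 4.
BEFORE = r"""
set ACTIVEMQ_OPTS=-Xmx128M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dorg.apache.activemq.store.kahadb.LOG_SLOW_ACCESS_TIME=1500
set SUNJMX=-Dcom.sun.management.jmxremote.port=%BROKER_ADMIN_PORT% -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
"""
AFTER = r"""
set ACTIVEMQ_OPTS=-Xmx128M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Dorg.apache.activemq.store.kahadb.LOG_SLOW_ACCESS_TIME=1500 -Dorg.apache.camel.jmx.disabled=true
rem set SUNJMX=-Dcom.sun.management.jmxremote.port=%BROKER_ADMIN_PORT% -Dcom.sun.management.jmxremote.authenticate=false -Dcom.sun.management.jmxremote.ssl=false
set SUNJMX=-Dcom.sun.management.jmxremote=false
"""

def effective_sets(text):
    """Map each variable to its last 'set NAME=value' that is not commented out."""
    found = {}
    for line in text.splitlines():
        line = line.strip()
        if re.match(r"(?i)^(@?rem\b|::)", line):
            continue  # batch comment, e.g. the 'rem set SUNJMX=...' line from step 4b
        m = re.match(r'(?i)^set\s+"?(\w+)=(.*)$', line)
        if m:
            found[m.group(1).upper()] = m.group(2).strip().rstrip('"')
    return found

def jvm_props(value):
    """Parse '-Dkey=value' tokens into a dict; other JVM flags are ignored."""
    return {k: v.lower() for k, _, v in
            (tok[2:].partition("=") for tok in value.split() if tok.startswith("-D"))}

def audit(text):
    """Return findings; an empty list means the file matches the article's end state."""
    sets = effective_sets(text)
    sunjmx = jvm_props(sets.get("SUNJMX", ""))
    amq = jvm_props(sets.get("ACTIVEMQ_OPTS", ""))
    findings = []
    if "com.sun.management.jmxremote.port" in sunjmx:
        for opt in ("authenticate", "ssl"):
            if sunjmx.get("com.sun.management.jmxremote." + opt) == "false":
                findings.append("remote JMX port configured with %s=false" % opt)
    if sunjmx.get("com.sun.management.jmxremote") != "false":
        findings.append("SUNJMX is not -Dcom.sun.management.jmxremote=false")
    if amq.get("org.apache.camel.jmx.disabled") != "true":
        findings.append("ACTIVEMQ_OPTS lacks -Dorg.apache.camel.jmx.disabled=true")
    return findings

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
        print("\n".join(audit(fh.read())) or "OK: matches the article's end state")
```

Run it with the path to broker.start.bat as the only argument, both on the backup and on the edited file, to confirm the change took effect before starting DWA.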
Document Location
Worldwide
Document Information
Modified date:
11 April 2022
UID
ibm16569117