
'Java RMI Server Insecure Default Configuration Remote Code Execution Vulnerability' in Spectrum server

Issue

A vulnerability test run against the Spectrum server reports 'Java RMI Server Insecure Default Configuration Remote Code Execution Vulnerability'.

Vulnerability screenshot
 

Cause

Port 1099 is used by Spatial for Jackrabbit communication. An RMI connection must be able to be established from the server machine to itself (local to local).

Resolution

UPDATED: July 23, 2018


Follow these steps:
  1. Add -Djava.rmi.server.useCodebaseOnly to the spatial/java.vmargs file.
  2. Restart the Spectrum server.
  3. Once the server is up and running, run the vulnerability test again.
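
One way to confirm how the property from step 1 is actually set in the file before re-running the vulnerability test, as an added example that is not part of the original article or of Spectrum's tooling. It assumes spatial/java.vmargs holds whitespace-separated JVM options with optional # comment lines; the function names and the sample text are constructed for illustration.

```python
import sys

PROP = "java.rmi.server.useCodebaseOnly"

# Constructed sample: what java.vmargs might contain after step 1 (assumed layout).
SAMPLE_VMARGS = "-Xmx2g\n-Djava.rmi.server.useCodebaseOnly\n"


def codebase_only_values(vmargs_text):
    """Return every value given for PROP, in file order."""
    values = []
    for line in vmargs_text.splitlines():
        if line.lstrip().startswith("#"):  # assumed comment syntax
            continue
        for token in line.split():
            token = token.strip("\"'")
            if not token.startswith("-D"):
                continue
            name, _, value = token[2:].partition("=")
            if name == PROP:
                # A bare -Dname (no "=value") sets the property to "".
                values.append(value.strip("\"'").lower())
    return values


def classify(vmargs_text):
    """Summarise how PROP is set: missing, empty, explicit-true, explicit-false,
    unrecognized, or conflict (set more than once with different values)."""
    kinds = set(codebase_only_values(vmargs_text))
    if not kinds:
        return "missing"
    if len(kinds) > 1:
        return "conflict"
    kind = kinds.pop()
    if kind in ("true", "false"):
        return "explicit-" + kind
    return "empty" if kind == "" else "unrecognized"


if __name__ == "__main__":
    # Usage: python check_vmargs.py path/to/spatial/java.vmargs
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_VMARGS
    status = classify(text)
    print(f"{PROP}: {status}")
    # Non-zero exit flags states that need review before re-testing.
    sys.exit(0 if status in ("explicit-true", "empty") else 1)
```

A "conflict" or "explicit-false" result means another entry in the file is working against the setting added in step 1.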

Environment Details

Product Affected: Spectrum Technology Platform
Product Feature: Installation / Upgrade
Operating System: Windows Server 2012 R2
