Description:
How to disable the JMX/RMI interface on the Mart Server to address CVE-2015-0225.
Solution:
JMX/RMI is part of the JDK that ships with the product; however, it is NOT actually used by the Mart application. If your security team still flags this vulnerability, you can follow the steps below to disable the JMX/RMI interface. There should be no effect on Mart functionality, since erwin does not use JMX.
1. Go to C:\Program Files\erwin\Mart Server r9\Tomcat64\bin and open service.bat
2. Remove the following JvmOptions and save:
-Dcom.sun.management.jmxremote.port=%my.jmx.port%
-Dcom.sun.management.jmxremote.ssl=false
-Dcom.sun.management.jmxremote.authenticate=false
3. Delete the Mart Server service and recreate it
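A check to run after step 2 and before recreating the service, added here as an example (not erwin's or Apache's code): it lists any `com.sun.management.jmxremote` options still present in service.bat and marks the `ssl=false` and `authenticate=false` settings. The function name `Find-JmxRemoteOption` and the sample lines are made up for illustration.

```powershell
# Added example: audit service.bat text for JMX remote JvmOptions.
function Find-JmxRemoteOption {
    param([Parameter(Mandatory)][string[]]$Lines)

    # Matches -Dcom.sun.management.jmxremote, with an optional .suffix and =value.
    # A value ends at whitespace, a semicolon or a double quote.
    $pattern = '-D(com\.sun\.management\.jmxremote(?:\.[A-Za-z.]+)?)(?:=([^\s;"]*))?'

    for ($i = 0; $i -lt $Lines.Count; $i++) {
        foreach ($m in [regex]::Matches($Lines[$i], $pattern)) {
            $name  = $m.Groups[1].Value
            $value = $m.Groups[2].Value
            # ssl=false or authenticate=false means the JMX listener is unprotected.
            $unprotected = ($name -match '\.(ssl|authenticate)$') -and ($value -eq 'false')
            [pscustomobject]@{
                Line        = $i + 1      # 1-based line number in the file
                Property    = $name
                Value       = $value
                Unprotected = $unprotected
            }
        }
    }
}

# Constructed sample lines (not the real erwin service.bat).
$sample = @(
    'set "EXECUTABLE=%CATALINA_HOME%\bin\tomcat.exe"',
    '--JvmOptions "-Dcatalina.base=%CATALINA_BASE%;-Dcom.sun.management.jmxremote.port=%my.jmx.port%"',
    '++JvmOptions "-Dcom.sun.management.jmxremote.ssl=false;-Dcom.sun.management.jmxremote.authenticate=false"'
)

$findings = Find-JmxRemoteOption -Lines $sample
$findings | Format-Table -AutoSize

if ($findings) {
    Write-Warning "$(@($findings).Count) JMX remote option(s) still present; step 2 is not complete."
} else {
    Write-Output 'No JMX remote options found.'
}

# Against the real file (path from step 1):
# Find-JmxRemoteOption -Lines (Get-Content 'C:\Program Files\erwin\Mart Server r9\Tomcat64\bin\service.bat')
```

An empty result against the real file means the options from step 2 are gone from service.bat; the running service keeps its old options until it is deleted and recreated in step 3.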
Please see the following references for more information:
https://tomcat.apache.org/tomcat-8.0-doc/monitoring.html
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=441453905
For more information on this vulnerability, please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0225 and reach out at https://support.erwin.com/hc/en-us if you have any questions.