Toby Mills Posted November 30, 2022 Share Posted November 30, 2022 After upgrading from 8207->9.1, my VMs are getting flagged with this finding: https://www.tenable.com/cve/CVE-2021-21315NodeJS System Information Library Command Injection (CVE-2021-21315)I'm having a hard time locating what this is trying to tell me as far as the WebFOCUS installs go. What I've found so far is in Appendix D: of the WFRS admin manual. We (WebFOCUS) reference node_js in the edaserve.cfg. if it's available, we'd use that to help out with in document analytics. My installs include a nose_js value which is the VM name and a port number of 8126. (5 higher than the HTTP listener port default of 8121). It's totally possible the virus scanning guys think this is a webFOCUS thing but it's really a windows thing. EDAPRINT.LOG shows me: 11/28/2022 14:15:06.283 E nodejs startup failed (nodejs package likely not installed or not on PATH)So from a WFRS perspective, it can't find it. Opened a case but I feel like this may not be a WF thing. Here's what the response part of the finding says - I'd love to see the request side of this: "Plugin Output: Nessus was able to exploit a command injection vulnerability bysending a specially crafted payload to the remote systemand confirmed an exposure on the following port: 47001Nessus received the following response from the remote system: ${jndi:ldap://log4shell-generic-NEpunx5BV7eGMZp5tYgj${lower:ten}.w.nessus.org/nessus}"Using some DOS commands, I can find that port 47001 is in use by PID 4 which, when I look to see what program has PID 4, it's Windows Services. So how is this a WF thing? I'll post when I've learned more. Link to comment Share on other sites More sharing options...
Solution Patrick Huebgen Posted December 21, 2022 Solution Share Posted December 21, 2022 Hi Toby - port 47001 is usually not used by WebFOCUS - as far as I know this port is used by "Windows Remote Management Service" not by WebFOCUS - WebFOCUS 9.1 has no log4shell vulnerability in 9.1Have a great dayPatrick Link to comment Share on other sites More sharing options...
Toby Mills Posted December 21, 2022 Author Share Posted December 21, 2022 Thanks Patrick -reminds me I should come back to update this.I opened a case with the EDA guys and after conferring with the product folks, we can make use of node.js if it's installed, but on our own, we don't install node.js (or node.exe). Confirmed by Jared in support and the product division. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now