Jump to content

Is WAR files kept in webapps folder is required post installation?

Madhavan TR
Go to solution Solved by Patrick Huebgen,

Recommended Posts

Background: We are using WEBFOCUS 82. Recently, when we ran vulnerability scan, we noticed the vulnerability "Vmware Spring: CVE-2022-22965: Spring Framework RCE via Data Binding" pointed to below files.

Action planned: We thought to keep below war files out of production server. This is with an assumption that below WAR files required only during redployment.

Query: Please suggest whether below WAR files can be moved out of production server or not. Thank you!!

<installation directory>webappswebfocus.war

<installation directory>webappswebfocus.war

<installation directory>worpcomponentsopsjsr168ops.war

<installation directory>webappsops286.war

<installation directory>webappsops286.war

Link to comment
Share on other sites

Those war files are one of they ways to deploy WebFOCUS - if they are in use depends on how you deployed WebFOCUS.

Are you using the war files in you AppServer Config.

Which version of WebFOCUS are you using?

Regarding CVE-2022-22965 - please check


Link to comment
Share on other sites

Hi Patrick,

We tried the steps mentioned in the url. We assume, we can safely remove the WAR files out of production server and keep it back up server. Thank you for explanation!!

  1. We are using Apache Tomcat (confirmed via HTTP Request info)
  2. We are using Java 1.8 (confirmed via JVM Property Info)
  3. We are not using war file. (confirmed via ibi_apps.xml)

<?xml version="1.0" encoding="UTF-8"?>

<Context useHttpOnly="true" path="/ibi_apps" docBase="**********ibiWebFOCUS82webappswebfocus"> </Context>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...