Hi all, I'm learning to install the 8.1 ITSM product line on a windows 2008 R2 environment for development uses. I typically get the IIS webserver and Tomcat (7) running independently and then do the Remedy installation steps. I had some issues with the preconfigured suite installer that I won't bother going into in detail, and decided to install the ARS platform and do things the old fashioned way while I learned.
What has happened is I have the 8.1 ARS platform installed and it starts ok, but my security guys are reporting security risks against what I've done and I'm trying to learn from it. They are seeing an old version of Jetty that has a known hash collision vulnerability and advising I update it. Since I never saw anything mentioning Jetty during the install, my first task to find out which installer did what. So my questions are as follows: On the application tier, what role does Jetty play if any? What tools make use of this feature? (I might be able to skip installing some parts for now while I learn.) It is possible this has nothing to do with the Remedy installation since my sys admins also do things on the server without 'fully' understanding the implications. I might be barking up the wrong tree. If anyone has any ideas on what the security finding might suggest, though, I'd appreciate it. (CVE-2011-4461) -al _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
smime.p7s
Description: S/MIME cryptographic signature
