Open an issue with BMC on this and they may be willing to either update their references, or provide you with directions to do so :)
On Thu, Jul 11, 2013 at 12:19 PM, Differ, Alfred W CTR PHD NSWC, 210 < alfred.differ....@navy.mil> wrote: > Ah. Found it. Apparently there are external library references within the > diserver, data import tool, and Developer Studio that reference Jetty jar > files. > > This is bad news for me. I can't run ARS 8.1 with a compliance issue that > old. My security people would have my head. > > > Ah well... this is probably what I get for looking at the cutting edge > version. 8) > > -al > > > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of Joe D'Souza > Sent: Wednesday, July 10, 2013 5:23 PM > To: arslist@ARSLIST.ORG > Subject: Re: The role Jetty plays > > Neither have I seen or known ARS to be bundled with Jetty. It has got > there some other way but not the AR System installer. > > Cheers > > Joe > > > -----Original Message----- > From: Action Request System discussion list(ARSList) [mailto: > arslist@ARSLIST.ORG] On Behalf Of Dale Jones > Sent: Wednesday, July 10, 2013 3:11 PM > To: arslist@ARSLIST.ORG > Subject: Re: The role Jetty plays > > High Level - Jetty and Tomcat are comparable applications. (Jetty and > Tomcat are often cast as direct competitors.) > > I have never seen ARS Install Jetty or even attached to Jetty. > Most likely related to someone else doing installs or testing on your > server. > > I would recommend ARS to use Tomcat and have Jetty uninstalled. Check > directory and see when Jetty was installed, most likely not same date as > ARS. > > Take Care > Dale Jones > DCS > Raleigh, NC > 919-523-6034 > > ________________________________________ > From: Action Request System discussion list(ARSList) [arslist@ARSLIST.ORG] > on behalf of Differ, Alfred W CTR PHD NSWC, 210 [ > alfred.differ....@navy.mil] > Sent: Wednesday, July 10, 2013 2:47 PM > To: arslist@ARSLIST.ORG > Subject: The role Jetty plays > > Hi all, > > I'm learning to install the 8.1 ITSM product line on a windows 2008 R2 > environment for development uses. I typically get the IIS webserver and > Tomcat (7) running independently and then do the Remedy installation steps. > I had some issues with the preconfigured suite installer that I won't > bother going into in detail, and decided to install the ARS platform and do > things the old fashioned way while I learned. > > What has happened is I have the 8.1 ARS platform installed and it starts > ok, but my security guys are reporting security risks against what I've > done and I'm trying to learn from it. They are seeing an old version of > Jetty that has a known hash collision vulnerability and advising I update > it. Since I never saw anything mentioning Jetty during the install, my > first task to find out which installer did what. > > So my questions are as follows: > > On the application tier, what role does Jetty play if any? > What tools make use of this feature? (I might be able to skip installing > some parts for now while I learn.) > > It is possible this has nothing to do with the Remedy installation since > my sys admins also do things on the server without 'fully' understanding > the implications. I might be barking up the wrong tree. If anyone has any > ideas on what the security finding might suggest, though, I'd appreciate it. > (CVE-2011-4461) > > > -al > > > > > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > > ____________________________________________________________________________ > ___ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the > Answers Are, and have been for 20 years" > > > _______________________________________________________________________________ > UNSUBSCRIBE or access ARSlist Archives at www.arslist.org > "Where the Answers Are, and have been for 20 years" > _______________________________________________________________________________ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
