Common Issues Identified in Java Web Console by 3rd Party Vulnerability Scanning Tools (Doc ID 1515974.1)

Last updated on FEBRUARY 03, 2019

Applies to:

Solaris Operating System - Version 10 3/05 to 10 8/11 U10 [Release 10.0]
Information in this document applies to any platform.

Purpose

Companies regularly scan their systems using vulnerability scanners like Nessus or Retina, and these applications almost always detect problems with Java Web Console running on port 6789.

This document lists these known issues, explains each one, and details how to resolve them.

First some guidance...

Always ensure you have the latest version of the Java Web Console patch (SPARC: 147673, X86: 147674) installed BEFORE performing your vulnerability scan.
As a general rule, you should also make sure you have the very latest Critical Patch Update (CPU) patchset applied, to ensure your entire system is free from known security vulnerabilities.

If you are not using the Java Web Console, disable it as per the details in the "How to Disable the Console Service" section of the System Administration Guide: Basic Administration.

If you are using the Java Web Console and you do not require more access, i.e. the ability to connect to the Java Web Console from another host, then disable remote access as per the details in the "Disabling Remote Access to the Oracle Java Web Console" section of the System Administration Guide: Basic Administration.

Scope

All of these vulnerabilities apply only to Java Web Console running on port 6789.
Please consult your vulnerability scanner vendor for further assistance on any other issues identified on other ports.

Details

In this Document
Purpose
Scope
Details
 Self-Signed Certificate
 SSL Certificate with Wrong Hostname
 Weak and Medium Strength Ciphers Supported
 Certificate Signed using Weak Hashing Algorithm
 Any Other Vulnerabilities
References