DX Application Performance Management

  • Private Community
Back to Library

TEC1482344: Should I be concerned about the Logjam: TLS vulnerabilities (CVE-2015-4000) detected when accessing TIM via the MTP login page? 

Jun 16, 2016 11:21 AM

Document ID:  TEC1482344
Last Modified Date:  6/10/2016
Authored By: Aryne

  • Products
    • CA Application Performance Management
  • Releases
    • CA Application Performance Management:Release:10.2
    • CA Application Performance Management:Release:10.0
    • CA Application Performance Management:Release:10.1
    • CA Application Performance Management:Release:CA APM 9.5
    • CA Application Performance Management:Release:CA APM 9.6
    • CA Application Performance Management:Release:CA APM 9.7

Introduction:

The Logjam: TLS vulnerabilities (CVE-2015-4000) refer to situations where a remote user can exploit a flaw in the Java SE, JRockit, and Java SE Embedded SSL/TLS JSSE component to partially access and partially modify data [CVE-2015-4000].

 

Question:

Should I be concerned about the Logjam: TLS vulnerabilities (CVE-2015-4000) detected when accessing TIM via the MTP login page?

Environment:

TIM on MTP (Any Version)

 

Answer:

MTP does not run Java in any of its processes. It is installed as a prerequisite but is not running and none of our code uses it. There are never any active Java processes in MTP, hence this vulnerability should not be a concern in this case.

 

Additional Information:

For detailed information about these vulnerabilities, please see Logjam: TLS vulnerabilities (CVE-2015-4000)

 

Search the Entire CA APM Knowledge Base

Statistics
0 Favorited
0 Views
0 Files
0 Shares
0 Downloads

Related Entries and Links

No Related Resource entered.