TEC1482344: Should I be concerned about the Logjam: TLS vulnerabilities (CVE-2015-4000) detected when accessing TIM via the MTP login page?

Document created by Aryne Employee on Jun 16, 2016Last modified by SamCreek on Jun 16, 2016
Version 2Show Document
  • View in full screen mode

Document ID:  TEC1482344
Last Modified Date:  6/10/2016
Authored By: Aryne

  • Products
    • CA Application Performance Management
  • Releases
    • CA Application Performance Management:Release:10.2
    • CA Application Performance Management:Release:10.0
    • CA Application Performance Management:Release:10.1
    • CA Application Performance Management:Release:CA APM 9.5
    • CA Application Performance Management:Release:CA APM 9.6
    • CA Application Performance Management:Release:CA APM 9.7

Introduction:

The Logjam: TLS vulnerabilities (CVE-2015-4000) refer to situations where a remote user can exploit a flaw in the Java SE, JRockit, and Java SE Embedded SSL/TLS JSSE component to partially access and partially modify data [CVE-2015-4000].

 

Question:

Should I be concerned about the Logjam: TLS vulnerabilities (CVE-2015-4000) detected when accessing TIM via the MTP login page?

Environment:

TIM on MTP (Any Version)

 

Answer:

MTP does not run Java in any of its processes. It is installed as a prerequisite but is not running and none of our code uses it. There are never any active Java processes in MTP, hence this vulnerability should not be a concern in this case.

 

Additional Information:

For detailed information about these vulnerabilities, please see Logjam: TLS vulnerabilities (CVE-2015-4000)

 

Search the Entire CA APM Knowledge Base

Attachments

    Outcomes