Blade ZipKit Package Info
|Name: Struts Vulnerability Check|
|Type: Component Template|
|BSA Compatible Version: 8.5, 8.6, 8.7|
|Tested on version: 18.104.22.1686|
|Tested on host running: Windows 2012, Windows 2012 R2|
This component template checks for vulnerable jar, ear, war files that exist on servers. It leverages the OWASP library definitions to scan the specified directories and checks against know vulnerabilities.
Instructions for importing the package:
- Download the attached zip file
- Extract the content to a location accessible by the BSA Console
- From the BSA Console, select Component Templates , right-click and select Import (version-neutral)
- Browse to the location of the download file Struts_Vulnerability_Check.zip
- Check the box for "Automatically map or create export group"
- Click Next twice
- Click Finish
- Copy the dependency_check.nsh script to the extended_objects folder on the file server (Create Extended Objects folders if not present). For example, the default path would be C:\Program Files\BMC Software\BladeLogic\NSH\storage\extended_objects
- Open the Component Template in BSA Console
- Modify the following Local Properties based on your environment details as listed in the attached word doc
Per the screen-shot below, it will show the path to the file in question when run against a vulnerable system.