Blade ZipKit - Struts Vulnerability Check

Version 1

    Blade ZipKit Package Info

    Name: Struts Vulnerability Check
    Type: Component Template
    BSA Compatible Version: 8.5, 8.6, 8.7
    Version: 1.0

    Created by: Siddharth Burle Akbar Aziz suresh Balla

    Tested on version:
    Tested on host running: Windows 2012, Windows 2012 R2


    This component template checks for vulnerable jar, ear, war files that exist on servers. It leverages the OWASP library definitions to scan the specified directories and checks against know vulnerabilities.


    Instructions for importing the package:

    1. Download the attached zip file
    2. Extract the content to a location accessible by the BSA Console
    3. From the BSA Console, select Component Templates , right-click and select Import (version-neutral)
    4. Browse to the location of the download file
    5. Check the box for "Automatically map or create export group"
    6. Click Next twice
    7. Click Finish
    8. Copy the dependency_check.nsh script to the extended_objects folder on the file server (Create Extended Objects folders if not present). For example, the default path would be C:\Program Files\BMC Software\BladeLogic\NSH\storage\extended_objects
    9. Open the Component Template in BSA Console
    10. Modify the following Local Properties based on your environment details as listed in the attached word doc


    Per the screen-shot below, it will show the path to the file in question when run against a vulnerable system.