Portal 1.x: Mitigation for Apache's Log4j Exploit (CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105)

Solution Number: S35666
Last Modified: 2021-12-22
Issue
The fix for CVE-2021-44228, CVE-2021-45046, and CVE-2021-45105 vulnerabilities is available in the form of custom instructions for the Windows Server where Portal 1.x is installed.
The procedure below will take ~20 minutes to execute.
 
Solution

Before You Begin:

 
1. Familiarize yourself with the procedures included in this document.
2. Make sure that you have Administrator access to the Windows system where Portal is installed.
3. Identify the directory where Portal is installed. By default, that directory is C:\Riverbed\SteelCentralPortal. If you chose a non-default directory when originally installing Portal, you will need to adjust these instructions accordingly.
4. These instructions were developed on Windows Server 2008. Specific commands might differ depending on the version of Windows in use.
5. Take precautions to make sure you can revert to the version of Portal that existed before following this procedure. This may become necessary in case something unexpected happens when following this procedure. At the very least this includes making backup copies of various files that you will modify before making changes. Ideally this would include having a snapshot of the environment (if using a Virtual Machine) or a backup of the environment if Portal is deployed on Windows directly.
6. Follow these instructions exactly. Using third-party tools to modify the .jar file has been shown to corrupt the file with the result that the procedure fails.
 

Steps to mitigate the vulnerability:
 

As mentioned, ensure that you are backing up any files that are being changed.

1. To stop Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Stop SteelCentral Portal Web Service”. Wait until Portal completely stops.
2. The vulnerable class JndiLookup.class is included in jar file log4j-core-2.2.jar and is present in three distinct directories in Portal software:
• C:\Riverbed\SteelCentralPortal\arx_proxy\arx-proxy\WEB-INF\lib
• C:\Riverbed\SteelCentralPortal\Tomcat\webapps\ROOT\WEB-INF\lib
• C:\Riverbed\SteelCentralPortal\Tomcat\webapps\scportal\WEB-INF\lib

 
It is important to remove this class from all three instances of the jar.

3. Navigate to C:\Riverbed\SteelCentralPortal\arx_proxy\arx-proxy\WEB-INF\lib and locate file log4j-core-2.2.jar.
4. Make a copy of the file and rename the copy to log4j-core-2.2.bak.
5. Go to Tools -> Folder Options -> View and uncheck “Hide extensions for known file types”.
6. Change the extension of the original file to “.zip” and navigate inside the archive to directory org\apache\logging\log4j\core\lookup.
7. Locate file JndiLookup.class and DELETE it.
8. Navigate back up to the lib directory and revert the extension back to “.jar”.
9. Copy this patched jar and navigate to C:\Riverbed\SteelCentralPortal\Tomcat\webapps\ROOT\WEB-INF\lib.
10. Paste it in the above directory to replace the vulnerable log4j-core-2.2.jar.
11. Similarly, navigate to C:\Riverbed\SteelCentralPortal\Tomcat\webapps\scportal\WEB-INF\lib and paste the patched jar to replace the vulnerable log4j-core-2.2.jar in that directory.
12. To start Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Start SteelCentral Portal Web Service”.
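
A read-only check that the procedure above took effect, as an added example that is not part of Riverbed's instructions: it opens each of the three log4j-core-2.2.jar copies, confirms the archive is still readable (the corruption risk noted under Before You Begin), and reports whether JndiLookup.class is gone. It assumes Python 3 is available on the server or on a machine the jars can be read from; the status names and function names are this example's own.

```python
import sys
import zipfile
import zlib
from pathlib import Path

# Default install directory and the three lib directories listed in step 2.
PORTAL_ROOT = r"C:\Riverbed\SteelCentralPortal"
LIB_DIRS = [
    r"arx_proxy\arx-proxy\WEB-INF\lib",
    r"Tomcat\webapps\ROOT\WEB-INF\lib",
    r"Tomcat\webapps\scportal\WEB-INF\lib",
]
JAR_NAME = "log4j-core-2.2.jar"
JNDI_ENTRY = "org/apache/logging/log4j/core/lookup/JndiLookup.class"
CORE_PREFIX = "org/apache/logging/log4j/core/"


def check_jar(jar_path):
    """Return 'missing', 'corrupt', 'vulnerable' or 'patched' for one jar."""
    jar_path = Path(jar_path)
    if not jar_path.is_file():
        return "missing"
    try:
        with zipfile.ZipFile(jar_path) as jar:
            # testzip() re-reads every entry and returns the first bad one.
            if jar.testzip() is not None:
                return "corrupt"
            names = set(jar.namelist())
    except (zipfile.BadZipFile, zlib.error, OSError):
        return "corrupt"
    if JNDI_ENTRY in names:
        return "vulnerable"
    # A readable archive with no log4j core classes left is not a usable jar.
    if not any(n.startswith(CORE_PREFIX) for n in names):
        return "corrupt"
    return "patched"


def check_portal(root=PORTAL_ROOT):
    """Check all three copies under root; return {jar path: status}."""
    jars = [Path(root, *lib.split("\\")) / JAR_NAME for lib in LIB_DIRS]
    return {str(j): check_jar(j) for j in jars}


if __name__ == "__main__":
    report = check_portal(sys.argv[1] if len(sys.argv) > 1 else PORTAL_ROOT)
    for path, status in report.items():
        print(f"{status:10} {path}")
    sys.exit(0 if all(s == "patched" for s in report.values()) else 1)
```

Pass a non-default install directory as the first argument. Exit code 0 means all three copies are readable and no longer contain JndiLookup.class; any other status means that copy should be restored from the .bak file and the steps repeated.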