Before You Begin :
1. Familiarize yourself with the procedures included in this document.
2. Make sure that you have Administrator access to the Windows system where Portal is installed.
3. Identify the directory where Portal is installed. By default, that directory is C:\Riverbed\SteelCentralPortal
. If you chose a non-default directory when originally installing Portal,you will need to adjust these instructions accordingly.
4. These instructions were developed on Windows Server 2008. Specific commands might differ depending on the version of Windows in use.
5. Take precautions to make sure you can revert to the version of Portal that existed before following this procedure. This may become necessary in case something unexpected happens
when following this procedure. At the very least this includes making backup copies of various files that you will modify before making changes. Ideally this would include having a snapshot
of the environment (if using a Virtual Machine) or a backup of the environment if Portal is deployed on Windows directly.
6. Follow these instructions exactly. Using third-party tools to modify the .jar file has been shown to corrupt the file with the result that the procedure fails.
Steps to mitigate the vulnerability :
As mentioned, ensure that you are backing up any files that are being changed.
1. To stop Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Stop SteelCentral Portal Web Service”. Wait until Portal completely stops.
2. The vulnerable class JndiLookup.class is included in jar file log4j-core-2.2.jar and is present in three distinct directories in Portal software:
• C:\Riverbed\SteelCentralPortal\arx_proxy\arx-proxy\WEB-INF\lib
• C:\Riverbed\SteelCentralPortal\Tomcat\webapps\ROOT\WEB-INF\lib
• C:\Riverbed\SteelCentralPortal\Tomcat\webapps\scportal\WEB-INF\lib
It is important to remove this class from all three instances of the jar.
3. Navigate to C:\Riverbed\SteelCentralPortal\arx_proxy\arx-proxy\WEB-INF\lib
and locate file log4j-core-2.2.jar
4. Copy the file and rename it to log4j-core-2.2.bak
.
5. Goto Tools -> Folder Options -> View and uncheck “Hide extensions for known file types”.
6. Change the extension of the original file to “.zip” and navigate inside the archive to directory org\apache\logging\log4j\core\lookup
7. Locate file JndiLookup.class
and DELETE it.
8. Navigate back up the to the lib directory and revert the extension back to “.jar
”
9. Copy this patched jar and navigate to C:\Riverbed\SteelCentralPortal\Tomcat\webapps\ROOT\WEB-INF\lib
10. Paste it in the above directory to replace vulnerable log4j-core-2.2.jar
11. Similarly, navigate to C:\Riverbed\SteelCentralPortal\Tomcat\webapps\scportal\WEB-INF\lib
and paste the patched jar to replace vulnerable log4j-core-2.2.jar in that directory.
12. To start Portal services, navigate to Start Menu > All Programs > SteelCentral Portal and click on “Start SteelCentral Portal Web Service”