Introduction

This document provides step-by-step instructions for deploying the security hot fix on Ephesoft 4.1.3.0.

Security Vulnerabilities Fixed

For more details, please email Support at tickets@ephesoft.com.

Assumptions

The hot fix was devised under the following assumptions:

  1. Ephesoft 4.1.3.0 is up and running with a valid Ephesoft license.
  2. The operating system is Windows.

Deployment Steps

The deployment steps are broken into categories to make deployment easier.

First Step

  1. Stop the Ephesoft server.
  2. Download the solution from here.
  3. Extract the solution and name the extracted folder ‘Security-Hot-Fix’.

Delete Components

Delete the following vulnerable components (if not required):

  1. If the valid license is installed, delete ‘<Ephesoft-Installation-Directory>/Dependencies/license-util’.
  2. If you are not using the default MariaDB provided by Ephesoft, delete ‘<Ephesoft-Installation-Directory>/Dependencies/mariadb’.
  3. If you are not using the OpenLDAP provided by Ephesoft, delete ‘<Ephesoft-Installation-Directory>/Dependencies/OpenLDAP’ and ‘<Ephesoft-Installation-Directory>/Dependencies/OpenLDAP2.4’.
  4. Delete the open source GUI browser for SQL located at ‘<Ephesoft-Installation-Directory>/Dependencies/HeidiSQL_9.1_Portable’.
  5. If you are not going to use the old applet-based Ephesoft Web Scanner, delete ‘<Ephesoft-Installation-Directory>/Application/jna.jar’.
  6. Delete the following folders:
    1. <Ephesoft-Installation-Directory>/JavaAppServer/bin32
    2. <Ephesoft-Installation-Directory>/JavaAppServer/bin64
    3. <Ephesoft-Installation-Directory>/JavaAppServer/lib32
    4. <Ephesoft-Installation-Directory>/JavaAppServer/lib64
    5. <Ephesoft-Installation-Directory>/Application/native/32bitsFiles
    6. <Ephesoft-Installation-Directory>/Application/native/64bitsFiles

Apache Web Server Upgrade

The solution contains the default functionality provided by Ephesoft. Any custom configuration changes you have made need to be configured again. Please note that this is a major upgrade, i.e., from 2.2.X to 2.4.28. Please refer to the migration guide here.

  1. Stop the Windows service named “Ephesoft Web Service”.
  2. Place the folder ‘Security-Hot-Fix/Apache24’ at ‘<Ephesoft-Installation-Directory>/’.
  3. Delete the Windows service “EphesoftWebService” from the command prompt:

sc delete EphesoftWebService

  4. Open the file located at ‘<Ephesoft-Installation-Directory>/Apache24/conf/httpd.conf’.
  5. Edit the following property so that it points to the correct path of Apache24:

Define SRVROOT "<Ephesoft-Installation-Directory>/Apache24"

  6. Make the custom changes (if any) as per the migration steps defined here.
  7. Install and start Apache as a Windows service by executing ‘<Ephesoft-Installation-Directory>/Apache24/installandstart.bat’.
  8. Delete the old Apache Web Server folder ‘<Ephesoft-Installation-Directory>/Apache2.2’.

Apache Tomcat Upgrade

Apache Tomcat is upgraded to 8.0.47. This is a minor upgrade, so most custom configuration should work as it is.

  1. Replace Tomcat Native as per System Type.
    1. 64-bit System: Replace the following:
      1. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tcnative-1.dll’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin64/tcnative-1.dll’.
      2. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-native.tar.gz’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin64/tomcat-native.tar.gz’.
      3. ‘<Ephesoft-Installation-Directory>/Application/native/tcnative-1.dll’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin64/tcnative-1.dll’.
      4. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-juli.jar’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin64/tomcat-juli.jar’.
      5. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-juli-adapters.jar’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin64/tomcat-juli-adapters.jar’.
    2. 32-bit System: Replace the following:
      1. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tcnative-1.dll’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin32/tcnative-1.dll’.
      2. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-native.tar.gz’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin32/tomcat-native.tar.gz’.
      3. ‘<Ephesoft-Installation-Directory>/Application/native/tcnative-1.dll’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin32/tcnative-1.dll’.
      4. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-juli.jar’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin32/tomcat-juli.jar’.
      5. ‘<Ephesoft-Installation-Directory>/JavaAppServer/bin/tomcat-juli-adapters.jar’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/bin32/tomcat-juli-adapters.jar’.
  2. Replace the default policies and web.xml:
    1. ‘<Ephesoft-Installation-Directory>/JavaAppServer/conf/Catalina.policy’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/conf/Catalina.policy’.
    2. ‘<Ephesoft-Installation-Directory>/JavaAppServer/conf/web.xml’ with ‘Security-Hot-Fix/JavaAppServer-8.0.47/conf/web.xml’.
  3. Copy all the jars from ‘Security-Hot-Fix/JavaAppServer-8.0.47/lib/’ into ‘<Ephesoft-Installation-Directory>/JavaAppServer/lib/’, replacing the jars present there.
  4. Copy the following files from ‘Security-Hot-Fix/JavaAppServer-8.0.47/’ to ‘<Ephesoft-Installation-Directory>/JavaAppServer/’, replacing the existing ones:
    1. LICENSE
    2. NOTICE
    3. RELEASE-NOTES
    4. RUNNING.txt

LibreOffice Upgrade

Follow the steps below to upgrade LibreOffice:

  1. Back up and then delete ‘<Ephesoft-Installation-Directory>/Dependencies/libreoffice’.
  2. Copy the folder from ‘Security-Hot-Fix/libreoffice’ to ‘<Ephesoft-Installation-Directory>/Dependencies/’.

Application Changes

Follow the steps below to apply the application changes:

  1. Delete the following jars from ‘<Ephesoft-Installation-Directory>/Application/WEB-INF/lib/’:
    1. commons-fileupload-1.3.2.jar
    2. velocity-1.7.jar
    3. jna-3.0.9.jar
  2. Copy the following jars from ‘Security-Hot-Fix/jars/’ to ‘<Ephesoft-Installation-Directory>/Application/WEB-INF/lib/’:
    1. commons-fileupload-1.3.3.jar
    2. velocity-1.7.0.redhat-4.jar
    3. jna-4.5.0.jar
  3. Delete the following jars:
    1. ‘<Ephesoft-Installation-Directory>/EphesoftReports/WEB-INF/lib/commons-codec-1.3.jar’.
    2. ‘<Ephesoft-Installation-Directory>/EphesoftReports/WEB-INF/lib/commons-codec-1.4.jar’.
    3. ‘<Ephesoft-Installation-Directory>/JavaAppServer/lib/commons-codec-1.2.jar’.
  4. Copy ‘Security-Hot-Fix/jars/commons-codec-1.10.jar’ to the following locations:
    1. ‘<Ephesoft-Installation-Directory>/EphesoftReports/WEB-INF/lib/’.
    2. ‘<Ephesoft-Installation-Directory>/JavaAppServer/lib/’.
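
An added post-deployment check (not part of Ephesoft's hot fix package): the PowerShell script below confirms that the items the server-side steps above remove unconditionally are gone and that the replacement jars and the Apache24 configuration are in place. The -Root parameter and the Test-HotFixItem helper are assumptions for illustration; the conditional deletions (license-util, mariadb, OpenLDAP, Application/jna.jar) are left out because they depend on your setup.

```powershell
# Added example, not shipped with the hot fix.
param(
    [Parameter(Mandatory = $true)]
    [string]$Root   # assumption: your <Ephesoft-Installation-Directory>
)

# Items the procedure removes unconditionally (relative to $Root).
$mustBeAbsent = @(
    'Dependencies\HeidiSQL_9.1_Portable',
    'JavaAppServer\bin32', 'JavaAppServer\bin64',
    'JavaAppServer\lib32', 'JavaAppServer\lib64',
    'Application\native\32bitsFiles', 'Application\native\64bitsFiles',
    'Apache2.2',
    'Application\WEB-INF\lib\commons-fileupload-1.3.2.jar',
    'Application\WEB-INF\lib\velocity-1.7.jar',
    'Application\WEB-INF\lib\jna-3.0.9.jar',
    'EphesoftReports\WEB-INF\lib\commons-codec-1.3.jar',
    'EphesoftReports\WEB-INF\lib\commons-codec-1.4.jar',
    'JavaAppServer\lib\commons-codec-1.2.jar'
)

# Items the procedure installs (relative to $Root).
$mustBePresent = @(
    'Apache24\conf\httpd.conf',
    'Application\WEB-INF\lib\commons-fileupload-1.3.3.jar',
    'Application\WEB-INF\lib\velocity-1.7.0.redhat-4.jar',
    'Application\WEB-INF\lib\jna-4.5.0.jar',
    'EphesoftReports\WEB-INF\lib\commons-codec-1.10.jar',
    'JavaAppServer\lib\commons-codec-1.10.jar'
)

# Hypothetical helper: compare one path against its expected state.
function Test-HotFixItem([string]$Relative, [bool]$ShouldExist) {
    $exists = Test-Path -LiteralPath (Join-Path $Root $Relative)
    [pscustomobject]@{
        Path     = $Relative
        Expected = if ($ShouldExist) { 'present' } else { 'absent' }
        Ok       = ($exists -eq $ShouldExist)
    }
}

$results = @(
    $mustBeAbsent  | ForEach-Object { Test-HotFixItem $_ $false }
    $mustBePresent | ForEach-Object { Test-HotFixItem $_ $true }
)
$results | Format-Table -AutoSize

# A non-zero exit code lets a deployment job stop before the server is restarted.
$failed = @($results | Where-Object { -not $_.Ok })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) item(s) do not match the hot fix layout."
    exit 1
}
```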

Ephesoft Web Scanner

Changes are made at two ends:

Server Side

  1. Back up and then delete the following:
    1. SharedFolders/EphesoftScannerService.msi
    2. SharedFolders/EphesoftScannerService.zip
  2. Copy the following to ‘SharedFolders/’:
    1. Security-Hot-Fix/EphesoftScannerService.msi
    2. Security-Hot-Fix/EphesoftScannerService.zip

Client Side

  1. Uninstall the Ephesoft Scanner Service.
  2. Install the latest Scanner Service.
  3. Stop the Ephesoft Scanner Service.
  4. Delete the jar located at ‘EphesoftScannerService/lib/jna-3.0.9.jar’.
  5. Copy ‘Security-Hot-Fix/jars/jna-4.5.0.jar’ to ‘EphesoftScannerService/lib/’.
  6. Restart the Ephesoft Scanner Service.

Last Step

Restart the Ephesoft Server.

Ignacio de Castro Perez