Flash (Alert)
Abstract
It is possible to gain access to Tomcat Manager in IBM Cognos Express using hard-coded credentials. This could create a security vulnerability that would allow someone to carry out a denial-of-service attack.
Content
In order to resolve the issue and secure the Cognos Express environment, follow these steps:
1. Stop the 'IBM Cognos Express' service from Service Manager.
Start > Settings > Control Panel > Administrative Tools > Services
2. Delete the following files under the IBM Cognos Express installation folder. The default location of this folder is C:\Program Files\IBM\Cognos Express if you did not change the location during the installation process.
\webapps\manager.xml
\tomcat4.1.27\conf\tomcat-users.xml
\tomcat4.1.27\server\webapps\manager\html-manager-howto.html
\tomcat4.1.27\server\webapps\manager\manager-howto.html
\tomcat4.1.27\server\webapps\manager\images\asf-logo.gif
\tomcat4.1.27\server\webapps\manager\images\tomcat.gif
\tomcat4.1.27\server\webapps\manager\images\void.gif
\tomcat4.1.27\server\webapps\manager\WEB-INF\web.xml
3. Delete the following folders under the IBM Cognos Express installation folder:
\tomcat4.1.27\server\webapps\manager\WEB-INF
\tomcat4.1.27\server\webapps\manager\images
\tomcat4.1.27\server\webapps\manager
\tomcat4.1.27\server\webapps
4. Start the 'IBM Cognos Express' service from Service Manager.
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.