EducationSoftwareStrategy.com
StrategyCommunity

Knowledge Base

Product

Community

Knowledge Base

TopicsBrowse ArticlesDeveloper Zone

Product

Download SoftwareProduct DocumentationSecurity Hub

Education

Tutorial VideosSolution GalleryEducation courses

Community

GuidelinesGrandmastersEvents
x_social-icon_white.svglinkedin_social-icon_white.svg
Strategy logoCommunity

© Strategy Inc. All Rights Reserved.

LegalTerms of UsePrivacy Policy
  1. Home
  3. Topics

Rebranding MicroStrategy Library

Ahmed Osman

Senior Consultant • Strategy

This example shows how to customize MicroStrategy Library so that the application looks and feels like your brand.

Description 


Strategy Web Services discloses system information through the 

happyaxis.jsp
page as reported by “CVE-2020-11450 - Disclosure of information on the Axis2 Happiness Page exposes JVM configuration, CPU architecture, installation folder and other sensitive information."

Steps to reproduce 


Access happyaxis.jsp inside the Strategy Web Services deployment, e.g., 

http://machinename:port/StrategyWS/happyaxis.jsp

axis2

Solution


Upgrade to Strategy Web Services 2019 or above to take advantage of the fix. Administrator user credentials will be required to access the 

happyaxis.jsp
page.

Workaround


In order to provide a workaround for 

happyaxis.jsp
page, follow these steps in in the Strategy Web Services deployment folder:

  1. Find 
    welcome.jsp.
  2. Open
     welcome.jsp
    and delete the following HTML code: 
    
<li><a href="happyaxis.jsp">Validate</a>the web service installation's configuration</li>

  3. Find 
    happyaxis.jsp
    and
    1. Backup 
      happyaxis.jsp.
    2. Delete 
      happyaxis.jsp
      from the Strategy Web Services deployment folder.
Comment

0 comments

Details

Knowledge Article

Published:

March 28, 2018

Last Updated:

April 4, 2018