Risk Level: Medium
Description
This plugin ensures that the latest version of Java is installed for all App Services. Installing the latest version of Java reduces the security risk of missing security patches and updated features.
Configuration Parameters
Latest Java Version: This parameter denotes that the latest version of Java should be installed for all App Services. An alert is generated if the Java version of an App Service is outdated.
By default, the value is set to 1.8, so the plugin returns a vulnerability if the Java version is lower than 1.8.
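The threshold comparison described above, as an added example (not PingSafe's plugin code): Java reports both legacy `1.x` strings and modern ones such as `11`, so the check normalizes each to its feature release before comparing against the minimum. The keys `javaVersion` and `linuxFxVersion` follow the App Service site configuration; the app names, the sample values and the assumed `-javaNN`/`-jreNN` suffix in `linuxFxVersion` are constructed for illustration.

```python
import re

DEFAULT_MIN_JAVA = "1.8"  # default threshold stated on this page


def java_major(version):
    """Return the Java feature release: '1.8.0_172' -> 8, '11.0.2' -> 11."""
    nums = [int(n) for n in re.findall(r"\d+", version or "")]
    if not nums:
        return None
    # Legacy scheme: 1.x means Java x (1.7 -> 7, 1.8 -> 8).
    if nums[0] == 1 and len(nums) > 1:
        return nums[1]
    return nums[0]


def configured_java(site_config):
    """Return the raw Java version of an app, or None if it is not a Java stack."""
    version = site_config.get("javaVersion")
    if version:
        return version
    # Assumed Linux format: 'JAVA|11-java11', 'TOMCAT|9.0-java11', 'JAVA|8-jre8'.
    fx = site_config.get("linuxFxVersion") or ""
    match = re.search(r"\|.*-(?:jre|java)(\d+)", fx, re.I)
    return match.group(1) if match else None


def outdated_apps(apps, minimum=DEFAULT_MIN_JAVA):
    """Return (app name, raw version) for Java apps below the minimum."""
    floor = java_major(minimum)
    findings = []
    for name, cfg in apps.items():
        raw = configured_java(cfg)
        if raw is None:
            continue  # not a Java app, nothing to check
        major = java_major(raw)
        # An unparseable version is reported too, so it gets reviewed by hand.
        if major is None or major < floor:
            findings.append((name, raw))
    return findings


# Constructed sample input, not real App Service data.
SAMPLE_APPS = {
    "legacy-api": {"javaVersion": "1.7.0_80", "linuxFxVersion": ""},
    "billing": {"javaVersion": "1.8", "linuxFxVersion": ""},
    "orders": {"javaVersion": None, "linuxFxVersion": "TOMCAT|9.0-java11"},
    "frontend": {"javaVersion": None, "linuxFxVersion": "NODE|18-lts"},
}
```

Raising the minimum to `"11"` or `"17"` works with the same function, because both sides of the comparison are normalized first.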
About the Service
App Services: Azure App Service hosts web applications, REST APIs and backend services for mobile and web applications. Hosting web apps on Azure lets users focus on managing the application and its data.
Impact
The latest version of any software comes not only with improved features but also with security patches for loopholes that existed in previous versions. Selecting an older software version in the runtime stack therefore gives threat actors a loophole to damage and misuse the application’s resources and assets. Software that relies on older versions of frameworks or programming languages is more prone to malware attacks.
Steps to Reproduce
- Log in to the Azure portal.
- Click on App Services.
- Select an App Service plan from the listed apps.
- Click on Configuration under Settings.
- Go to the General settings section.
- Under Stack settings, if the Stack is set to Java, check the Java version, Java minor version and Java web server. If any value is set to an older version, go to the Steps for Remediation section to solve the issue.
Steps for Remediation
- Log in to the Azure portal.
- Click on App Services.
- Select an App Service plan from the listed apps.
- Click on Configuration under Settings.
- Go to the General settings section.
- Under Stack settings, set the Java version, Java minor version, Java web server and Java web server version to the latest available version.
- Repeat for other app services as well.
Please feel free to reach out to support@pingsafe.ai with any questions that you may have.
Thanks
PingSafe Support