The Heartbleed documentation (https://support.openview.hp.com/selfsolve/document/KM00863916) for securing Configuration Manager and UCMDB Browser states the following:
1. Go to <Browser Install Dir>/conf/server.xml.
2. Comment out the line below in the file:
<Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
3. Change the HTTPS connector configuration from
<Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" .../>
to
<Connector protocol="org.apache.coyote.http11.Http11Protocol" port="8443" .../>
4. Restart Tomcat.
5. Revoke the server certificates used in Tomcat.
However, there could be scenarios where a user's server.xml file does not contain any Connector protocol sections (step 3).
Could this leave their systems vulnerable to the Heartbleed bug?
According to R&D, Configuration Manager and UCMDB Browser are not affected by this vulnerability if they are configured Out-Of-The-Box (OOTB) or configured according to the Heartbleed documentation.
The "Connector Protocol" sections are added by end users for SSL configuration.
If they do not exist, then please ignore step 3 of the documentation.
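A way to check a server.xml against steps 2 and 3, including the case where no APR connector exists and step 3 does not apply. This is an added example, not code from the vendor documentation; the function name, result keys and both sample files are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

APR_LISTENER = "org.apache.catalina.core.AprLifecycleListener"
APR_PROTOCOL = "org.apache.coyote.http11.Http11AprProtocol"

def audit_server_xml(xml_text):
    """Check a server.xml for the settings named in steps 2 and 3."""
    # The parser drops XML comments, so a commented-out line is not reported.
    root = ET.fromstring(xml_text)
    # Tomcat treats a missing SSLEngine attribute as "on".
    listener_active = any(
        el.get("className") == APR_LISTENER
        and el.get("SSLEngine", "on").lower() != "off"
        for el in root.iter("Listener")
    )
    apr_ports = [
        el.get("port", "?")
        for el in root.iter("Connector")
        if el.get("protocol") == APR_PROTOCOL
    ]
    return {
        "step2_pending": listener_active,   # APR listener still enabled
        "step3_pending": bool(apr_ports),   # False means step 3 can be ignored
        "apr_connector_ports": apr_ports,
    }

# Constructed samples (not taken from a real installation).
SAMPLE_UNPATCHED = """<Server port="8005" shutdown="SHUTDOWN">
  <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" />
  <Service name="Catalina">
    <Connector protocol="org.apache.coyote.http11.Http11AprProtocol" port="8443" SSLEnabled="true" />
  </Service>
</Server>"""

SAMPLE_NO_SSL_CONNECTOR = """<Server port="8005" shutdown="SHUTDOWN">
  <!-- <Listener className="org.apache.catalina.core.AprLifecycleListener" SSLEngine="on" /> -->
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" />
  </Service>
</Server>"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            print(audit_server_xml(fh.read()))
    else:
        print(audit_server_xml(SAMPLE_UNPATCHED))
        print(audit_server_xml(SAMPLE_NO_SSL_CONNECTOR))
```

Run it with the path to <Browser Install Dir>/conf/server.xml as the only argument; with no argument it prints the results for the two constructed samples.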