Summary

A critical vulnerability in Apache Log4j impacting versions from 2.0-beta9 to 2.14.1 has been publicly disclosed. The vulnerability has been assigned the identifier CVE-2021-44228.

Enterprise Service Infrastructure (ESI) has been identified as a potentially exposed component. ESI is installed in addition to Spider to use the Spider OneSearch functionality. Spider instances using OneSearch (which, therefore, rely on ESI) have a search bar in the upper right corner.

Spider itself is not affected if OneSearch/ESI is not used.

We recommend deactivating OneSearch and uninstalling Enterprise Service Infrastructure (ESI).
This article shows what steps are required to do this.

Is Spider OneSearch configured?

 The Spider Admin Tool can be used to find out whether Spider OneSearch is configured.

1. Open Spider Admin and connect the Spider database.
2. Choose “Spider Core” from the menu and click on Config.
3. From the tree view on the left, navigate to the Config / Application / Indexing node.
   It can be located by expanding the Application node.
4. Check the Enabled key labeled.

• The value False means that OneSearch is not activated. You can then continue with the step Check whether the Enterprise Service Infrastructure is installed?.
• The value True means OneSearch is enabled and should be disabled. Change the value to False and continue with the following steps. This disables OneSearch and the indexing functionality.

Check whether the Enterprise Service Infrastructure (ESI) is installed

To find out whether Enterprise Service Infrastructure (ESI) is installed, look under Windows Programs and Features for the name Brainwaregroup ESI from the publisher brainwaregroup.

There are two ways to proceed:

• Uninstall Enterprise Service Infrastructure (ESI)

Or

• Switch off the Enterprise Service Infrastructure (ESI)

How to uninstall Enterprise Service Infrastructure (ESI)

The uninstall can be started under Windows Programs and Features.

Select the program Brainwaregroup ESI and start the uninstall process. Ensure that indexing is deactivated in the Spider config (Enabled = False), as described above. 

As a result of the changes, you may log on to Spider and navigate to Information about index in the System menu. You should be greeted by a mostly empty page that says the Index has been deactivated. The OneSearch search bar in the upper right corner has disappeared.

How to switch off Enterprise Service Infrastructure (ESI)

As an alternative to uninstalling, ESI can be deactivated. To do this, the following actions will need to be taken:

• The corresponding Microsoft IIS Application Pool must be stopped
• Stop the service index GlassFish Server and switch the startup type to Manual

To stop serving the Index with IIS on the Application Server:

Start the IIS Management console and navigate to the Application Pool belonging to the indexing application. It should contain the string “IndexAppPool”. Stop the application pool.

Now, the connection between Spider and the Elastic Search on the Glassfish server is switched off.

To stop the service index GlassFish Server

The last item running and potentially threatening your system is the Indexing server itself. You can find it as a running Service named index GlassFish Server.

Stop this service and choose to start this service manually to prevent it from restarting.

Now the Indexing Service is stopped and no information is passed from Spider to this service or vice versa. The Service itself cannot be addressed internally anymore because it is no longer running.

As a result of the changes, you may log on to Spider and navigate to Information about index in the System menu. You should be greeted by a mostly empty page that says that the Index has been deactivated. The OneSearch search bar in the upper right corner has disappeared.