Vulnerability Warning For Apache Tomcat 7.0.82 in Spectrum 10.2.x

Article ID: 142568

Products

CA eHealth, CA Spectrum

Issue/Introduction

Vulnerabilities have been identified on these Linux servers that have the Spectrum application installed. Are these related to, or used by, the Spectrum application? Will remediating these vulnerabilities break the Spectrum application?

Vulnerable software installed: Apache Tomcat 7.0.82 (/app/CA/spectrum/tomcat/lib/catalina.jar)

 

Environment

Release : 10.2.x

Component : Spectrum Core / SpectroSERVER

Resolution

I looked up Tomcat 7.0.82 and I found references to vulnerability ID CVE-2018-1336.

Spectrum 10.3.1 ships with Apache Tomcat 9.0.8, so we would recommend upgrading to Spectrum 10.3.1 or higher in order to get rid of the warnings for CVE-2018-1336.
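To confirm which Tomcat an installation actually bundles, before and after the upgrade, the version can be read from the jar the scanner flagged. This is an added example, not Broadcom's or Spectrum's own code; the helper names and the in-memory sample jar are constructed for illustration, and the comparison uses only the 9.0.8 version named above.

```python
import io
import zipfile

# Path inside catalina.jar where Tomcat records its own version.
SERVERINFO = "org/apache/catalina/util/ServerInfo.properties"
# Version the article says ships with Spectrum 10.3.1.
SHIPPED_WITH_10_3_1 = (9, 0, 8)


def parse_version(text):
    """Turn '7.0.82.0' or '9.0.8' into a tuple of ints for comparison."""
    return tuple(int(p) for p in text.strip().split(".") if p.isdigit())


def bundled_tomcat_version(jar):
    """Read server.number from a catalina.jar (path or file-like object)."""
    with zipfile.ZipFile(jar) as zf:
        try:
            raw = zf.read(SERVERINFO).decode("iso-8859-1")
        except KeyError:
            return None  # not a Tomcat catalina.jar, or repackaged
    for line in raw.splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip() == "server.number":
            return parse_version(value)
    return None


def still_flagged(jar):
    """True if the jar is older than the Tomcat named for Spectrum 10.3.1."""
    version = bundled_tomcat_version(jar)
    if version is None:
        raise ValueError("no Tomcat version found in jar")
    return version[:3] < SHIPPED_WITH_10_3_1


def make_sample_jar(number):
    """Constructed stand-in for catalina.jar, built in memory for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(SERVERINFO, f"server.info=Apache Tomcat/{number}\n"
                                f"server.number={number}.0\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for n in ("7.0.82", "9.0.8"):
        print(n, bundled_tomcat_version(make_sample_jar(n)),
              still_flagged(make_sample_jar(n)))
```

On a server, pass the path from the scanner finding (here /app/CA/spectrum/tomcat/lib/catalina.jar) to `bundled_tomcat_version` instead of the sample jar.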

Additional Information

See also https://ca-broadcom.wolkenservicedesk.com/external/article?articleId=112642 for Apache Struts vulnerability CVE-2018-11776 warnings