ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Upgrade AutoSys Apache Tomcat to Resolve Vulnerabilities

book

Article ID: 186626

calendar_today

Updated On:

Products

CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation AE

Issue/Introduction

How can we upgrade the AutoSys Tomcat webserver to address vulnerabilities? 

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys) Web Server

Resolution

1. Take a backup of the existing web server in $AUTOSYS/../webserver. Lets name backup name as old

2. Download newer (for example 8.5.41) tomcat tar file from http://tomcat.apache.org/ or obtain your inhouse supported tomcat and extract it at $AUTOSYS/..

3. Copy below files from old to new:
   Copy old/bin/waae_webserver* to new $AUTOSYS/webserver/bin
   Copy old/bin/wrapper-linux-x86-64 to new $AUTOSYS/webserver/bin
   
   Copy old/lib/libwrapper*  to new $AUTOSYS/webserver/lib
   Copy old/lib/wrapper.jar  to new $AUTOSYS/webserver/lib
   
   Copy old/conf/Tomcat-wrapper-license.conf to new $AUTOSYS/webserver/conf
   Copy old/conf/wrapper.conf to new $AUTOSYS/webserver/conf

4. Change new $AUTOSYS/webserver/conf/server.xml to contain below XML tag under org.apache.coyote.http11.Http11NioProtocol:
 
 <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" SSLEnabled="true" acceptCount="100"
               maxThreads="400" scheme="https" secure="true"
               clientAuth="false" sslProtocol="TLS" relaxedQueryChars="|&lt;&gt;"
               ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA,
               TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
               SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA" />

5.Change the owner and permissions of webserver similar to old