search cancel

Upgrading WCC Apache Tomcat to resolve vulnerabilities

book

Article ID: 190764

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) Workload Automation Agent CA Workload Automation AE

Issue/Introduction

A recent security scan detected vulnerabilities with Tomcat webserver.
The instructions in this document will provide guidance for remediating security vulnerability by upgrading the Tomcat webserver.
This procedure applies only to 11.x releases of Workload Control Center that are running Tomcat 8 webserver..

Note:

  • You must stay within the major release of Tomcat webserver that is packaged with the Workload Control Center product.  Do not upgrade to a higher major version such as 9 or above with the 11.x release of WCC! It will not work.
  • This procedure applies to WCC installed on Linux operating systems.

Environment

Release : 11.x
Component : WORKLOAD CONTROL CENTER

Resolution

  1. Stop all WCC related services.

  2. Backup the existing 32-bit and 64-bit Tomcat server bin and lib directories.
    tar -cvf tomcat_bin.tar $CA_WCC_INSTALL_LOCATION/tomcat/bin
    tar -cvf tomcat32_bin.tar $CA_WCC_INSTALL_LOCATION/tomcat_32/bin

    tar -cvf tomcat_lib.tar $CA_WCC_INSTALL_LOCATION/tomcat//lib
    tar -cvf tomcat32_lib.tar $CA_WCC_INSTALL_LOCATION/tomcat_32/lib

  3. Extract the contents of the tomcat webserver that you downloaded to the /tmp directory or location of your choosing on your WCC server.

  4. Copy the 32-bit and 64-bit Tomcat server bin directory from the newer release of Tomcat webserver that you stored in /tmp to the correct location where WCC is installed.
    cp -R /tmp/<uncompressed_file_name>/tomcat/bin $CA_WCC_INSTALL_LOCATION/tomcat/bin
    cp -R /tmp/<uncompressed_file_name>/tomcat_32/bin $CA_WCC_INSTALL_LOCATION/tomcat_32/bin

    cp -R /tmp/<uncompressed_file_name>/tomcat/lib $CA_WCC_INSTALL_LOCATION/tomcat/lib
    cp -R
    /tmp/<uncompressed_file_name>/tomcat_32/lib $CA_WCC_INSTALL_LOCATION/tomcat_32/lib

  5. Change ownership of the directories recursively to match the owner that installed the product.
    chown -R user:group $CA_WCC_INSTALL_LOCATION/tomcat/bin
    chown -R
    user:group $CA_WCC_INSTALL_LOCATION/tomcat_32/bin

    chown -R user:group $CA_WCC_INSTALL_LOCATION/tomcat/lib
    chown -R user:group $CA_WCC_INSTALL_LOCATION/tomcat_32/lib

  6. Restart WCC services