Tomcat Security Vulnerability Issue

book

Article ID: 192654

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Tomcat Security Vulnerability Issue

Our security team has identified an issue with our current version of Apache Tomcat and has requested that we upgrade this component.    The details provided be our security team are below:

The host is affected by following vulnerabilities

1) The remote Apache Tomcat server is affected by multiple vulnerabilities - Nessus Plugin - 133845

Description:

The version of Tomcat installed on the remote host is prior to 7.0.100, 8.x prior to 8.5.51, or 9.x prior to 9.0.31. It is, therefore, affected by multiple vulnerabilities.

Solution:

Upgrade to Apache Tomcat version 7.0.100, 8.5.51, 9.0.31 or later.

Plugin Output

Installed version : 8.5.9.0

Fixed version : 8.5.51

Environment

Release : 15.1

Component : CA PPM APPLICATION

Resolution

PPM 15.2 is certified with Tomcat version 

Apache Tomcat 8.5.9 or higher patch level

Source: https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/business-management/clarity-project-and-portfolio-management-ppm-on-premise/15-2/release-information/ca-ppm-15-2-release-notes.html#concept.dita_138b5982ae502bdd96a5848f1a9a42b69c310d57_compatCompatibilities

So, that should meet the vulnerability fix requirement.