Vulnerabilities for Tomcat version 9.0.34


Article ID: 196956


Products

CA Spectrum, CA eHealth

Issue/Introduction

Vulnerability scans report that Tomcat 9.0.34 is affected by various vulnerabilities and advise upgrading to 9.0.36+.

Environment

20.2

Resolution

This is resolved in Spectrum 20.2.3 (aka 10.4.2.1).

If you are running 20.2.0 (aka 10.4.2), Broadcom has released patch Spectrum_10.04.02.PTF_10.4.206a for 20.2, which upgrades Tomcat to 9.0.37.

It has also released Spectrum_10.04.02.PTF_10.4.206a for WebTomcat.

 

10.4.2_PTF_10.4.206a Release Notes:

  1. This PTF contains a potential fix and will upgrade Tomcat under webtomcat to 9.0.37, to be in line with OCWS Tomcat version 9.0.37, which was upgraded by applying 10.4.2_PTF_10.4.206.
  2. Before applying this patch, please remove the runme file and Spectrum_10.4.2_Tomcat-9.0.37_Upgrade.Windows.exe/Spectrum_10.4.2_Tomcat-9.0.37_Upgrade.Linux.txe from the $SPECROOT location.
  3. Now close any open OC client consoles or webapp clients.
  4. Stop the tomcat and webtomcat services.
  5. Apply this PTF and then start the tomcat and webtomcat services.
  6. Launch the OC client console and webapp and check that everything is working fine.
  7. Verify the release notes under the $SPECROOT/webtomcat/ directory; the release notes should indicate the Tomcat version as 9.0.37.

 

The patches for Windows and Linux should be attached to this knowledge article.

Additional Information

If you have upgraded to 20.2.3 and the WebTomcat is still running an older version:

1. Stop the WebTomcat service:
$SPECROOT/webtomcat/bin/stopWebTomcat.sh

2. Delete the $SPECROOT/webtomcat/work folder

3. Restart the WebTomcat service:
$SPECROOT/webtomcat/bin/startWebTomcat.sh

4. Check the $SPECROOT/webtomcat/logs/catalina.out file to see whether it is now running version 9.0.37:
# grep -F "Apache Tomcat/9.0.37" $SPECROOT/webtomcat/logs/catalina.out
or
# grep -F "9.0.37" $SPECROOT/webtomcat/logs/catalina.out
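
The version check in step 4, as an added example (not part of the Broadcom article or product): it reads the most recent "Apache Tomcat/x.y.z" startup banner from catalina.out and compares it numerically with a minimum version. The function names and the sample log lines are constructed for illustration; the 9.0.36 default is the minimum the scans advise.

```sh
#!/bin/sh
# Added example (not Broadcom's script): check the Tomcat version WebTomcat
# last started with, using the startup banner written to catalina.out.

# Print the version from the LAST "Apache Tomcat/x.y.z" banner in log $1.
# catalina.out is appended to, so earlier banners may show the old version.
last_tomcat_version() {
    sed -n 's|.*Apache Tomcat/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' \
        "$1" 2>/dev/null | tail -n 1
}

# Succeed when version $1 >= version $2, comparing each field numerically.
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        split(a, x, "."); split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# check_tomcat LOG MIN: 0 = at or above MIN, 1 = older, 2 = no banner found.
check_tomcat() {
    found=$(last_tomcat_version "$1")
    if [ -z "$found" ]; then echo "UNKNOWN no Tomcat banner in $1"; return 2; fi
    if version_ge "$found" "$2"; then echo "OK $found"; return 0; fi
    echo "OUTDATED $found (minimum $2)"; return 1
}

# Constructed sample log: a 9.0.34 startup followed by a 9.0.37 startup.
write_sample_log() {
    cat > "$1" <<'EOF'
01-Sep-2020 08:00:01.100 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.34
01-Sep-2020 08:00:09.700 INFO [main] org.apache.catalina.startup.Catalina.start Server startup in [8600] milliseconds
02-Sep-2020 10:15:01.123 INFO [main] org.apache.catalina.startup.VersionLoggerListener.log Server version name:   Apache Tomcat/9.0.37
EOF
}

# With a log path as $1 check that file, otherwise run on the sample log.
if [ -n "${1:-}" ]; then
    check_tomcat "$1" "${2:-9.0.36}"
else
    tmp=$(mktemp); write_sample_log "$tmp"
    check_tomcat "$tmp" 9.0.36
    rm -f "$tmp"
fi
```

Run it with $SPECROOT/webtomcat/logs/catalina.out as the first argument; the exit status distinguishes an outdated version (1) from a log with no startup banner (2).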

Attachments

ReleaseNote.PTF_10.4.206a_1599048830742.txt
Spectrum_10.04.02.PTF_10.4.206a.Windows_1599048802679.exe
Spectrum_10.04.02.PTF_10.4.206a.Linux_1599048768958.txe
ReleaseNote.PTF_10.4.206_1597081062636.txt
Spectrum_10.04.02.PTF_10.4.206.Windows_1597080906687.exe
Spectrum_10.04.02.PTF_10.4.206.Linux_1597080780524.txe