AutoSys r12 Web Server - Tomcat 9 vulnerabilities - upgrade Tomcat version

Article ID: 203741

Products

CA Workload Automation AE - Scheduler (AutoSys)
CA Workload Automation AE

Issue/Introduction

Our security testing team have found the following vulnerabilities in the AutoSys Web Server (Apache Tomcat 9.0.33) which is part of AutoSys 12.0.

The vulnerability is CVE-2020-9484 and is apparently patched in Apache Tomcat 9.0.39.

Can we upgrade the existing Tomcat 9.0.33 to version 9.0.39?

Environment

Release : 12.0

Component : CA Workload Automation AE (AutoSys)

Resolution

Below are the steps to upgrade AutoSys R12's Tomcat from version 9.0.33 to 9.0.39 on Linux.

1. Source the AutoSys environment.

2. Stop all the web services.

3. Back up $AUTOSYS_INSTALL_LOCATION/webserver

mv "$AUTOSYS_INSTALL_LOCATION/webserver" "$AUTOSYS_INSTALL_LOCATION/webserver.bkp_AE_R12_tomcat_9.0.33"

4. Extract Tomcat 9.0.39.

mv apache-tomcat-9.0.39.tar.gz "$AUTOSYS_INSTALL_LOCATION"

cd "$AUTOSYS_INSTALL_LOCATION"

gunzip apache-tomcat-9.0.39.tar.gz

tar -xvf apache-tomcat-9.0.39.tar

mv apache-tomcat-9.0.39 webserver

5. Update the owner and group, and set the permissions.

chown -R <owner>:<group> "$AUTOSYS_INSTALL_LOCATION/webserver"

chmod -R 755 "$AUTOSYS_INSTALL_LOCATION/webserver"
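
Because step 4 unpacks a downloaded archive directly into the AutoSys install location, it is worth checking the archive before extracting it. The following is an added example, not part of the original article or the vendor's procedure: it compares the archive's SHA-512 digest with a checksum file and confirms that every entry sits under the expected top-level directory. The function names are hypothetical, and it assumes the companion `apache-tomcat-9.0.39.tar.gz.sha512` file was downloaded from the Apache distribution site alongside the archive.

```shell
#!/bin/sh
# Added example: pre-extraction checks for the Tomcat archive used in step 4.
# Function names are hypothetical; the .sha512 companion file is an assumption.

# expected_digest SUMFILE: print the hex digest stored in the checksum file.
expected_digest() {
    awk 'NR == 1 { print tolower($1) }' "$1"
}

# actual_digest FILE: print the SHA-512 digest of FILE.
actual_digest() {
    sha512sum "$1" | awk '{ print $1 }'
}

# archive_is_contained ARCHIVE TOPDIR: succeed only if the archive lists
# cleanly, every entry is TOPDIR or below it, and no entry contains "..".
archive_is_contained() {
    list=$(tar -tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$list" | awk -v top="$2" '
        { sub(/^\.\//, "") }
        $0 != top && $0 != top "/" && index($0, top "/") != 1 { bad = 1 }
        /(^|\/)\.\.(\/|$)/ { bad = 1 }
        END { exit bad + 0 }'
}

# verify_tomcat_archive ARCHIVE SUMFILE TOPDIR
# Returns 0 when both checks pass, 1 on a failed check, 2 on missing input.
verify_tomcat_archive() {
    [ -f "$1" ] && [ -f "$2" ] || { echo "missing archive or checksum file" >&2; return 2; }
    want=$(expected_digest "$2")
    got=$(actual_digest "$1")
    [ -n "$want" ] && [ "$want" = "$got" ] || { echo "SHA-512 mismatch for $1" >&2; return 1; }
    archive_is_contained "$1" "$3" || { echo "unexpected paths in $1" >&2; return 1; }
    return 0
}

# Usage, run before the gunzip/tar commands in step 4:
#   verify_tomcat_archive apache-tomcat-9.0.39.tar.gz \
#       apache-tomcat-9.0.39.tar.gz.sha512 apache-tomcat-9.0.39 || exit 1
```

A non-zero return means the archive should not be extracted; re-download it and its checksum file and run the check again.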