
Apache Tomcat upgrade and default files have vulnerabilities


Article ID: 213752


Updated On:

Products

CA Test Data Manager (Data Finder / Grid Tools)

Issue/Introduction

We have vulnerability scanning software that reports any vulnerabilities found within our key network. It has recently reported a few vulnerabilities on servers where the CA TDM portal is installed. Below are those vulnerabilities:

  1. Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page.
  2. Upgrade to Apache Tomcat version 7.0.100, 8.5.51, 9.0.31, 9.0.43 or later.

I wanted to understand how to delete the default index page and remove the example JSPs etc. Where can I download the latest version of Apache Tomcat?

Would there be any impact on running the CA TDM portal after upgrading? What are your recommendations for removing the above-mentioned vulnerabilities?

Environment

Release : 4.8

Component : CA Agile Requirements Designer - TMX Script Generator

Resolution

The latest 4.9.1 portal (TDMWeb-4.9.306.0.zip) includes the latest Tomcat 9.x version. Upgrading the portal to this version or later is recommended, because upgrading Tomcat on an older release has not been tested.
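
To confirm before and after the portal upgrade whether a server would still trigger the two scanner findings listed above, a read-only check such as the following can be run against the Tomcat directory. It is an added example, not code from Broadcom or the Tomcat project. It assumes a standard Tomcat layout (a `webapps` folder and a `RELEASE-NOTES` file); the function names, the directory you pass in, and the use of 9.0.43 as the floor for the 9.0 line are assumptions.

```python
import re
from pathlib import Path

# Sample web applications shipped with a stock Apache Tomcat distribution.
STOCK_WEBAPPS = ("examples", "docs")

# Minimum versions quoted in the scan finding, keyed by release line.
# Assumption: the finding lists both 9.0.31 and 9.0.43, so the higher is used.
MIN_FIXED = {(7, 0): (7, 0, 100), (8, 5): (8, 5, 51), (9, 0): (9, 0, 43)}


def parse_version(text):
    """Return (major, minor, patch) from the first x.y.z in text, or None."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return tuple(map(int, m.groups())) if m else None


def version_ok(version):
    """True if version meets the quoted minimum for its release line."""
    floor = MIN_FIXED.get(version[:2])
    if floor is None:  # line not named in the finding: only newer lines pass
        return version[:2] > max(MIN_FIXED)
    return version >= floor


def installed_version(home):
    """Read the version from RELEASE-NOTES; None if the file is absent."""
    notes = Path(home) / "RELEASE-NOTES"
    if not notes.is_file():
        return None
    m = re.search(r"Apache Tomcat Version\s+(\S+)", notes.read_text(errors="replace"))
    return parse_version(m.group(1)) if m else None


def default_content(home):
    """List stock webapps and the stock welcome page still present."""
    webapps = Path(home) / "webapps"
    found = [n for n in STOCK_WEBAPPS if (webapps / n).is_dir()]
    root = webapps / "ROOT"
    # Heuristic: the stock welcome page ships index.jsp next to tomcat.css.
    if (root / "index.jsp").is_file() and (root / "tomcat.css").is_file():
        found.append("ROOT (stock welcome page)")
    return found


def audit(home):
    """Return a read-only report for one Tomcat directory; nothing is deleted."""
    v = installed_version(home)
    return {"version": v, "version_ok": v is not None and version_ok(v),
            "default_content": default_content(home)}
```

Call `audit()` with the Tomcat directory used by the portal; an empty `default_content` list and `version_ok` of `True` correspond to both findings being cleared.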