The current Tomcat version used in CABI 7.1.1 is obsolete and needs to be updated to address vulnerabilities.
The Tomcat version currently in use is Apache Tomcat 8.5.70.
Release : 4.2
Component : CA Service Operations Insight (SOI) Security
Upgrade Tomcat to version 9.
Steps to Update Tomcat in CABI 7.1.1
Download the attached Tomcat_9.0.64_Upgrade_CABI-7.1.1.zip file and extract it.
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false"
ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_SHA384, TLS_DHE_RSA_WITH_AES_128_SHA256"
sslProtocol="TLSv1.2"
keystoreFile=<keystore file>
keystorePass=<keystore password> relaxedQueryChars='|' relaxedPathChars='|' />
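A review of the `ciphers` attribute on a TLS connector like the one above, as an added example that is not part of the original article or of the vendor's upgrade package. It parses a server.xml and flags suite names that are misspelled, lack forward secrecy, or are not AEAD suites. The sample XML, its keystore values and the function names are constructed for illustration, and the checks only understand TLS 1.2-style suite names.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the style of the connector above. Keystore values are
# placeholders and one suite name is deliberately misspelled.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
    sslProtocol="TLSv1.2" keystoreFile="conf/example.jks" keystorePass="example"
    ciphers="TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_CHACHA22_POLY1305,
             TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_SHA256"/>
</Service></Server>"""

# Key-exchange prefix of a TLS 1.2-style suite name (TLS 1.3 names are out of scope).
KEY_EXCHANGE = re.compile(r"^TLS_(ECDHE|DHE|ECDH|DH|RSA)_")

def review_suite(name):
    """Return a list of findings for one cipher-suite name (empty list = nothing flagged)."""
    m = KEY_EXCHANGE.match(name)
    if not m:
        return ["not a TLS 1.2 ECDHE/DHE/ECDH/DH/RSA suite name"]
    findings = []
    if m.group(1) in ("ECDH", "DH", "RSA"):
        findings.append("no forward secrecy (static key exchange)")
    if "CHACHA" in name and "CHACHA20_POLY1305" not in name:
        findings.append("misspelled ChaCha20-Poly1305 suite name")
    elif "_GCM_" not in name and "CHACHA20_POLY1305" not in name:
        findings.append("not an AEAD (GCM or ChaCha20-Poly1305) suite")
    return findings

def review_server_xml(xml_text):
    """Map each TLS-enabled connector port to {suite name: findings} for flagged suites."""
    report = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connectors carry no cipher list to review
        suites = [s.strip() for s in conn.get("ciphers", "").split(",") if s.strip()]
        report[conn.get("port")] = {s: f for s in suites if (f := review_suite(s))}
    return report

if __name__ == "__main__":
    for port, flagged in review_server_xml(SAMPLE_SERVER_XML).items():
        for suite, findings in flagged.items():
            print(f"port {port}: {suite}: {'; '.join(findings)}")
```

To review a real installation, pass the contents of its `conf/server.xml` to `review_server_xml` before restarting the service.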
<CABI Install Dir>\apache-tomcat\bin\service.bat install
An additional file is included, which is required to enable SSO functionality when using Tomcat 9.
This has been tested against Tomcat 9.0.64, which is the latest version available at time of testing.
Tomcat 9 downloads are available here: https://tomcat.apache.org/download-90.cgi
.............................................
Steps to do the actual upgrade of Tomcat:
............................................
This information is specific to SOI - CABI 7.1.1 integration.
Not advised for use with other CABI versions or integration with other Broadcom products.
Using CABI 7.1.1
The Tomcat provided with CABI 7.1.1 can be upgraded to 8.5.70 by replacing some files from the existing CABI Tomcat installation.
Please follow the steps below.
CA\SC\CA Business Intelligence\apache-tomcat