search cancel

CABI/Jasper Vulnerabilities - Update Apache Tomcat 9

book

Article ID: 239277

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

The current Tomcat version used in CABI 7.1.1 is obsolete and needs to be updated to address vulnerabilities.

Current Tomcat in use Apache Tomcat Version 8.5.70.

Cause

Upgrade Tomcat to version 9.

Environment

Release : 4.2

Component : CA Service Operations Insight (SOI) Security

Resolution

Steps to Update Tomcat in CABI 7.1.1

Download the attached Tomcat_9.0.64_Upgrade_CABI-7.1.1.zip file and extract it.

  1. Stop both CABI Services
    1. CA Business Intelligence Tomcat (cabusinessintelligencetomcat)
    2. CA Business Intelligence PostgreSQL (cabusinessintelligencepostgresql)
  2. Uninstall the existing service
    1. <CABI Install Dir>\apache-tomcat\bin\service.bat remove
  3. Move the existing apache-tomcat folder in <CABI Install Dir> to apache-tomcat-8.x
  4. Copy the apache-tomcat folder from the extracted zip file to <CABI Install Dir>
  5. Copy the <CABI Install Dir>\apache-tomcat-8.x\webapps\jasperserver-pro to <CABI Install Dir>\apache-tomcat\webapps\jasperserver-pro
  6. Copy mariadb-java-client-1.6.3.jar and postgresql-9.4-1210.jdbc41.jar from <CABI Install Dir>\apache-tomcat-8.x\lib to <CABI Install Dir>\apache-tomcat\lib
  7. Replace the file cabi-jasperreportsserver-sso.jar from the extracted zip in <CABI Install Dir>\apache-tomcat\webapps\jasperserver-pro\WEB-INF\lib
  8. In case customer is using https (refer old server.xml file in Update <CABI Install Dir>\apache-tomcat-8.x\conf) :

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"

                                             maxThreads="150" SSLEnabled="true" scheme="https" secure="true"

                                             clientAuth="false"

                              ciphers="TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA22_POLY1305, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_SHA384, TLS_DHE_RSA_WITH_AES_128_SHA256"

                                             sslProtocol="TLSv1.2"

                                             keystoreFile=<keystore file>

                                             keystorePass=<keystore password> relaxedQueryChars='|' relaxedPathChars='|' />

  1. Install the new CABI service
    1. Edit the <CABI Install Dir>\apache-tomcat\bin\service.bat – modify the Java Home, CABI installation directory and license directory and user home, as per your environment
      1. JAVA_HOME (line number 30 in service.bat file)
      2. --StartPath (line number 163 in service.bat file)
    2. Install the service by running the following command

<CABI Install Dir>\apache-tomcat\bin\service.bat install

  1. Start CABI services
    1. CA Business Intelligence Tomcat (cabusinessintelligencetomcat)
    2. CA Business Intelligence PostgreSQL (cabusinessintelligencepostgresql)

 

An additional file is included, which is required to enable SSO functionality when using Tomcat 9.

This has been tested against Tomcat 9.0.64 which is the latest version available at time of testing.

Additional Information

Tomcat 9 downloads are available here

https://tomcat.apache.org/download-90.cgi

.............................................

steps to do the actual upgrade of Tomcat:

............................................

This information is specific to SOI - CABI 7.1.1 integration.

Not advised for use with other CABI versions or integration with other Broadcom products.

Using CABI 7.1.1

 

The Tomcat provided with CABI 7.1.1 can be upgraded to 8.5.70 by replacing some files from the existing CABI Tomcat installation.

 

Please follow the below steps.

  1. Stop 'CA Business Intelligence Tomcat' service
  2. Go to the below location

    CA\SC\CA Business Intelligence\apache-tomcat  

  1. Take a backup of the above apache-tomcat folder
  2. Download the attached zip file and follow the information in the Word document to transfer required files from the existing Tomcat installation to the updated one.
  3. Start 'CA Business Intelligence Tomcat' service.

 

Attachments

Tomcat_9.0.64_Upgrade_CABI-7.1.1_1657529442492.zip get_app