search cancel

Tomcat Vulnerability (CVE-2022-29885) in ARD

book

Article ID: 243679

calendar_today

Updated On:

Products

CA Agile Requirements Designer

Issue/Introduction

ARD 3.2 hub server is having Apache-tomcat-9.0.37. 
Tomcat is highlighted for Apache Tomcat Denial of Service (DoS) Vulnerability (CVE-2022-29885).

As per https://tomcat.apache.org/security-9.html#Fixed_in_Apache_Tomcat_9.0.63, this issue is fixed on Apache Tomcat 9.0.63.

Please confirm if ARD 3.2  will work without breaking anything with Apache Tomcat 9.0.63?

 

Environment

Release: 3.2

Component: ARD HUB
Agile Requirements designer

Cause

Third-Party compatibility

Resolution

Tomcat 9.0.63 has been tested to work fine with ARD 3.2.5.
Hence it is suggested to upgrade to ARD 3.2.5 and proceed to use Tomcat 9.0.63.