
Dx Spectrum - Apache vulnerability found on OneClick Server


Article ID: 254297


Updated On:

Products

CA Spectrum

Issue/Introduction

The latest VAPT found the following vulnerabilities on the OneClick Server:

| Vulnerability Name | Protocol | Port | Severity | Solution |
|---|---|---|---|---|
| Apache Tomcat 9.0.13 < 9.0.63 vulnerability | tcp | 9443 | High | Upgrade to Apache Tomcat version 9.0.63 or later. |
| Apache Tomcat Default Files | tcp | 9443 | Medium | Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page. |

Environment

Release : 22.2

Cause

Access the URL below.

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/dx-netops/22-2/Fault-Monitoring-with-DX-Spectrum/release-information/third-party-software-license-acknowledgements.html#concept.dita_4c1022a058b08d7255dda55e71805dba564418f3_div_3

Apache Tomcat 9.0.65

However, the version was not showing as 9.0.65, so an upgrade to the latest version is needed to overcome the vulnerability.

Resolution

The issue is resolved with Apache Tomcat 9.0.65.

Spectrum version 22.2.3 includes Apache Tomcat version 9.0.65.

Upgrading to 22.2.3 will therefore remediate the vulnerability.
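
One way to confirm both scan findings on the OneClick host after the upgrade, as an added example that is not part of the original article or Broadcom's tooling. It assumes a stock Tomcat directory layout and `java` on the PATH; the Tomcat home path is supplied by the operator and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumptions: stock Tomcat layout under the directory passed
# as $1, and ServerInfo output in the usual "Server version: Apache Tomcat/x.y.z" form.

FIXED_VERSION="9.0.63"   # "Upgrade to ... 9.0.63 or later" from the scan report

# Succeeds when dotted version $1 >= $2 (numeric compare, so 9.0.9 < 9.0.63).
version_ge() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    split(a, x, "."); split(b, y, ".")
    for (i = 1; i <= 3; i++) {
      if (x[i] + 0 > y[i] + 0) exit 0
      if (x[i] + 0 < y[i] + 0) exit 1
    }
    exit 0
  }'
}

# Reads ServerInfo output on stdin and prints the version, e.g. 9.0.65.
parse_tomcat_version() {
  sed -n 's|^Server version:.*Tomcat/\([0-9][0-9.]*\).*|\1|p'
}

# Prints the default content that still exists under Tomcat home $1.
list_default_content() {
  for p in webapps/examples webapps/docs webapps/ROOT/index.jsp; do
    if [ -e "$1/$p" ]; then echo "$p"; fi
  done
}

# Checks both findings for Tomcat home $1; non-zero return means one remains.
check_tomcat() {
  rc=0
  ver=$(java -cp "$1/lib/catalina.jar" org.apache.catalina.util.ServerInfo |
        parse_tomcat_version)
  if [ -z "$ver" ]; then echo "could not read Tomcat version"; return 2; fi
  if version_ge "$ver" "$FIXED_VERSION"; then
    echo "OK: Tomcat $ver >= $FIXED_VERSION"
  else
    echo "FINDING: Tomcat $ver < $FIXED_VERSION"; rc=1
  fi
  left=$(list_default_content "$1")
  if [ -n "$left" ]; then echo "FINDING: default files present:"; echo "$left"; rc=1; fi
  return $rc
}

# Runs only when a Tomcat home is given, e.g.: sh check_tomcat.sh /path/to/tomcat
if [ "$#" -gt 0 ]; then check_tomcat "$1"; fi
```

The version is read from `catalina.jar` on disk rather than from the HTTP banner, so it reflects what is actually installed even if the banner has been altered or suppressed.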