
Dx Spectrum - Apache vulnerability found on OneClick Server


Article ID: 254297


Updated On:


CA Spectrum


The latest VAPT found the following vulnerabilities on the OneClick Server:


| Vulnerability Name | Protocol | Port | Severity | Solution |
|---|---|---|---|---|
| Apache Tomcat 9.0.13 < 9.0.63 vulnerability | tcp | 9443 | High | Upgrade to Apache Tomcat version 9.0.63 or later. |
| Apache Tomcat Default Files | tcp | 9443 | Medium | Delete the default index page and remove the example JSP and servlets. Follow the Tomcat or OWASP instructions to replace or modify the default error page. |


Release: 22.2


Access the URL below.

Apache Tomcat 9.0.65

However, the installed version was not showing 9.0.65, so an upgrade to the latest version is needed to overcome the vulnerability.


The issue is resolved with Apache Tomcat 9.0.65.

Spectrum version 22.2.3 includes Apache Tomcat version 9.0.65.

Upgrading to 22.2.3 will therefore remediate the vulnerability.
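
To confirm both scan findings are closed after the upgrade, the following check can be run on the OneClick server. It is an added example, not code from this article or from the vendor. It assumes the Tomcat home directory is passed as the first argument (the path is not given in this article) and that Tomcat's stock `bin/version.sh` script and standard `webapps` layout are present.

```shell
#!/bin/sh
# Added example, not vendor code: check a Tomcat install against the two scan findings.
# Assumption: the Tomcat home directory is passed as $1 (its path is not given on this page).

MIN_FIXED="9.0.63"   # minimum fixed version from the scan's Solution column

# Extract x.y.z from the "Server version: Apache Tomcat/x.y.z" line printed by bin/version.sh.
parse_tomcat_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache Tomcat/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Return 0 when version $1 >= version $2, comparing major, minor, patch numerically.
version_ge() {
    for i in 1 2 3; do
        x=$(printf '%s' "$1" | cut -d. -f"$i")
        y=$(printf '%s' "$2" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
    done
    return 0
}

# Print stock Tomcat content still present under <home>/webapps, one item per line.
default_content() {
    for d in examples docs; do
        [ -d "$1/webapps/$d" ] && printf '%s\n' "webapps/$d"
    done
    # The stock welcome page contains this phrase; a customised index.jsp is not flagged.
    if grep -q 'successfully installed Tomcat' "$1/webapps/ROOT/index.jsp" 2>/dev/null; then
        printf '%s\n' "webapps/ROOT/index.jsp"
    fi
    return 0
}

if [ -n "${1:-}" ]; then
    ver=$(parse_tomcat_version "$("$1/bin/version.sh" 2>/dev/null)")
    if [ -z "$ver" ]; then
        echo "version: could not be determined"
    elif version_ge "$ver" "$MIN_FIXED"; then
        echo "version $ver: at or above $MIN_FIXED"
    else
        echo "version $ver: below $MIN_FIXED, upgrade required"
    fi
    default_content "$1" | sed 's/^/default content present: /'
fi
```

The comparison is numeric per field, so 9.0.9 is correctly treated as older than 9.0.63, which a plain string comparison would get wrong.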