Siteminder Access Gateway r12.8.7 and higher bundles Apache Tomcat 9.0.x as the application server. Tomcat versions vary by the Access Gateway release:
r12.8.7: Apache Tomcat 9.0.65
r12.8.8: Apache Tomcat 9.0.83
r12.8.8.1: Apache Tomcat 9.0.86
r12.9: Apache Tomcat 9.0.100.0
KB281190 (archived) delivered Tomcat 9.0.86
KB381451 (archived) delivered Tomcat 9.0.96
KB383137 (archived) delivered Tomcat 9.0.97
KB384944 (archived) delivered Tomcat 9.0.98
KB397315 (archived) delivered Tomcat 9.0.104
KB403333 (archived) delivered Tomcat 9.0.106
KB406223 (archived) delivered Tomcat 9.1.107
KB417926 (archived) delivered Tomcat 9.0.110
KB431996 (archived) delivered Tomcat 9.0.115
KB437528 (archived) delivered Tomcat 9.0.117
A number of vulnerabilities have been reported in Tomcat 9.0.117 and older that are remediated in Tomcat 9.0.118 and higher.
This KB delivers Tomcat 9.0.118 for Siteminder Access Gateway.
PRODUCT: Siteminder
COMPONENT: Access Gateway
VERSIONS IMPACTED: r12.8.x; r12.9
OS: Any
The following CVEs were reported against Tomcat 9.0.117 and older; all are remediated in Tomcat 9.0.118.
CVE-2026-43515 allows unauthorized access to restricted resources
SEVERITY: Moderate
DESCRIPTION: When multiple security constraints defined an HTTP method constraint for the same extension pattern, only the first method constraint was applied.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-43514 AJP secret compared in non-constant time
SEVERITY: Low
DESCRIPTION: The AJP secret was compared in non-constant time allowing an attacker on the local network to mount a timing attack to determine the AJP secret.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-43513 LockOutRealm treats user names as case-sensitive
SEVERITY: Low
DESCRIPTION: The LockOut Realm treated user names as case-sensitive, meaning that, for Realms where the user name was case-insensitive, the LockOut Realm was not as effective at blocking brute-force attacks against a user's password.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-43512 Digest authenticator will authenticate any unknown user
SEVERITY: Moderate
DESCRIPTION: When DIGEST authentication was configured, any user not known to the configured Realm would be authenticated if they presented the password "null".
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-43498 WebSocket authentication header exposure
SEVERITY: Low
DESCRIPTION: If a WebSocket request was redirected after authentication, Tomcat's WebSocket client would present the most recent authentication header to the redirect target host.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-41293 HTTP/2 request headers not validated
SEVERITY: Low
DESCRIPTION: HTTP/2 request headers were not validated, which may have triggered unexpected application behaviour if the application (quite reasonably) assumed that header values exposed through the Servlet API would be specification-compliant.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
CVE-2026-41284 Unbounded read in WebDAV LOCK and PROPFIND handling
SEVERITY: Low
DESCRIPTION: No limit was enforced on the request body for WebDAV LOCK or PROPFIND requests which were available to unauthenticated users.
IMPACTED: Tomcat 9.0.0-M1 through 9.0.117
REMEDIATED: Apache Tomcat 9.0.118
How to Apply the Tomcat 9.0.118 Patch on Siteminder Access Gateway
1) Download the Tomcat 9.0.118 patch, 'Tomcat90118.zip' (attached to this KB).
2) Copy 'Tomcat90118.zip' to the Access Gateway Server and unzip it.
3) Stop the Access Gateway Server
4) Back up the <Install_Dir>\secure-proxy\Tomcat\lib directory
Defaults:
LINUX: <Install_Dir> = /opt/CA/secure-proxy/Tomcat/
WINDOWS: <Install_Dir> = C:\Program Files\CA\secure-proxy\Tomcat\
cp -R /<Install_Dir>/secure-proxy/Tomcat/lib/ /<Install_Dir>/secure-proxy/Tomcat/lib-BAK
5) Back up the <Install_Dir>\secure-proxy\Tomcat\bin directory
cp -R /<Install_Dir>/secure-proxy/Tomcat/bin/ /<Install_Dir>/secure-proxy/Tomcat/bin-BAK
6) Copy the following jar files from "Tomcat90118.zip/lib" to "<Install_Dir>/secure-proxy/Tomcat/lib"
websocket-api.jar
tomcat-websocket.jar
tomcat-util-scan.jar
tomcat-util.jar
tomcat-jni.jar
tomcat-jdbc.jar
tomcat-i18n-zh-CN.jar
tomcat-i18n-ru.jar
tomcat-i18n-pt-BR.jar
tomcat-i18n-ko.jar
tomcat-i18n-ja.jar
tomcat-i18n-fr.jar
tomcat-i18n-es.jar
tomcat-i18n-de.jar
tomcat-i18n-cs.jar
tomcat-dbcp.jar
tomcat-coyote-ffm.jar
tomcat-coyote.jar
tomcat-api.jar
servlet-api.jar
jsp-api.jar
jaspic-api.jar
jasper-el.jar
jasper.jar
el-api.jar
ecj-4.20.jar
catalina-tribes.jar
catalina-storeconfig.jar
catalina-ssi.jar
catalina-ha.jar
catalina-ant.jar
catalina.jar
annotations-api.jar
NOTE: Copy the files from the source directory into the target directory; do not copy the /bin and /lib directories themselves.
EXAMPLE:
cp -rf /<Path_to_Tomcat90118>/lib/* /<Install_Dir>/secure-proxy/Tomcat/lib/
7) Copy the following jar files from "Tomcat90118.zip/bin" to "<Install_Dir>/secure-proxy/Tomcat/bin"
bootstrap.jar
catalina.bat
catalina.sh
catalina-tasks.xml
ciphers.bat
ciphers.sh
commons-daemon.jar
configtest.bat
configtest.sh
daemon.sh
digest.bat
digest.sh
makebase.bat
makebase.sh
service.bat
setclasspath.bat
setclasspath.sh
shutdown.bat
shutdown.sh
startup.bat
startup.sh
tomcat-juli.jar
tool-wrapper.bat
tool-wrapper.sh
version.bat
version.sh
NOTE: Copy the files from the source directory into the target directory; do not copy the /bin and /lib directories themselves.
EXAMPLE:
cp -rf /<Path_to_Tomcat90118>/bin/* /<Install_Dir>/secure-proxy/Tomcat/bin/
8a) Linux - back up your /secure-proxy/proxy-engine/ProxyServer.sh and add ${TOMCAT_HOME}/bin/tomcat-juli.jar to the SM_PROXY_CP classpath
Example:
SM_PROXY_CP=${TOMCAT_HOME}/bin/proxybootstrap.jar:${TOMCAT_HOME}/properties:${NETE_SPS_ROOT}/resources:${JAVA_HOME}/lib/tools.jar:${JAVA_HOME}/lib/tools.jar:${TOMCAT_HOME}/bin/bootstrap.jar:${TOMCAT_HOME}/bin/tomcat-juli.jar:${TOMCAT_HOME}/lib/smi18n.jar:${NETE_SPS_ROOT}/agentframework/java/bc-fips-1.0.2.4.jar
8b) Windows - back up your secure-proxy\proxy-engine\conf\SmSpsProxyEngine.properties and add %NETE_SPS_TOMCAT_HOME%\bin\tomcat-juli.jar to the -classpath in NETE_SPS_PROXYENGINE_CMD
Example:
NETE_SPS_PROXYENGINE_CMD="%NETE_SPS_JAVA_HOME%\bin\java.exe" -Xms512m -Xmx1024m -XX:MaxMetaspaceSize=256M -Dcatalina.base="%NETE_SPS_TOMCAT_HOME%" -Dcatalina.home="%NETE_SPS_TOMCAT_HOME%" -Djava.endorsed.dirs="%NETE_SPS_TOMCAT_HOME%\endorsed" -Djava.endorsed.dirs="%NETE_SPS_TOMCAT_HOME%\endorsed" -Djava.io.tmpdir="%NETE_SPS_TOMCAT_HOME%\temp" -DSM_AGENT_LOG_CONFIG="%STS_AGENT_LOG_CONFIG_FILE%" -Dfile.encoding=UTF8 -DIWACONFIGHOME="%IWACONFIGHOME%" -Dlogger.properties="%NETE_SPS_TOMCAT_HOME%\properties\logger.properties" -classpath "%NETE_SPS_TOMCAT_HOME%\bin\proxybootstrap.jar;%NETE_SPS_TOMCAT_HOME%\bin\tomcat-juli.jar;%NETE_SPS_TOMCAT_HOME%\properties;%NETE_SPS_JAVA_HOME%\lib\tools.jar;%NETE_SPS_JAVA_HOME%\lib\tools.jar;%NETE_SPS_TOMCAT_HOME%\bin\bootstrap.jar;%NETE_SPS_ROOT%\resources;%NETE_SPS_ROOT%\agentframework\java\bc-fips-1.0.2.4.jar" com.netegrity.proxy.ProxyBootstrap -config "%NETE_SPS_ROOT%/proxy-engine/conf/server.conf"
9) Start the Access Gateway Server.
10) Once functionality has been verified, you can delete the backed-up directories:
/<Install_Dir>/secure-proxy/Tomcat/lib-BAK
/<Install_Dir>/secure-proxy/Tomcat/bin-BAK
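The following script is an added example for the Linux procedure above; it is not part of this KB or of the Access Gateway product. It checks that every file listed in steps 6 and 7 landed in Tomcat/lib and Tomcat/bin, performs the step 8a ProxyServer.sh edit idempotently (inserting tomcat-juli.jar directly after bootstrap.jar in SM_PROXY_CP, with a backup), and reads the version recorded inside catalina.jar so you can confirm 9.0.118 before restarting. It assumes <Install_Dir> is the Access Gateway root (for example /opt/CA, so Tomcat lives in <Install_Dir>/secure-proxy/Tomcat), that SM_PROXY_CP is assigned on a single line as shown in step 8a, and that 'unzip' is installed; the AG_INSTALL_DIR variable and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the KB): post-patch checks for the Tomcat 9.0.118
# upgrade on Siteminder Access Gateway, Linux. Assumes <Install_Dir> is the
# Access Gateway root (e.g. /opt/CA), so Tomcat is <Install_Dir>/secure-proxy/
# Tomcat, and that ProxyServer.sh assigns SM_PROXY_CP on one line (step 8a).

# Files the KB's step 6 (lib) and step 7 (bin, Linux-relevant entries) say
# must be present after the copy.
LIB_JARS="websocket-api.jar tomcat-websocket.jar tomcat-util-scan.jar
tomcat-util.jar tomcat-jni.jar tomcat-jdbc.jar tomcat-i18n-zh-CN.jar
tomcat-i18n-ru.jar tomcat-i18n-pt-BR.jar tomcat-i18n-ko.jar tomcat-i18n-ja.jar
tomcat-i18n-fr.jar tomcat-i18n-es.jar tomcat-i18n-de.jar tomcat-i18n-cs.jar
tomcat-dbcp.jar tomcat-coyote-ffm.jar tomcat-coyote.jar tomcat-api.jar
servlet-api.jar jsp-api.jar jaspic-api.jar jasper-el.jar jasper.jar el-api.jar
ecj-4.20.jar catalina-tribes.jar catalina-storeconfig.jar catalina-ssi.jar
catalina-ha.jar catalina-ant.jar catalina.jar annotations-api.jar"
BIN_FILES="bootstrap.jar catalina.sh catalina-tasks.xml ciphers.sh
commons-daemon.jar configtest.sh daemon.sh digest.sh makebase.sh
setclasspath.sh shutdown.sh startup.sh tomcat-juli.jar tool-wrapper.sh
version.sh"

# check_files DIR "NAME ...": print each name missing from DIR and return 0
# only when every file is present.
check_files() {
  dir=$1
  missing=0
  for f in $2; do
    if [ ! -f "$dir/$f" ]; then
      echo "missing: $dir/$f"
      missing=$((missing + 1))
    fi
  done
  [ "$missing" -eq 0 ]
}

# Return 0 if the SM_PROXY_CP assignment in FILE already lists tomcat-juli.jar.
has_juli_on_classpath() {
  grep -q '^SM_PROXY_CP=.*tomcat-juli\.jar' "$1"
}

# Step 8a: insert ${TOMCAT_HOME}/bin/tomcat-juli.jar right after
# ${TOMCAT_HOME}/bin/bootstrap.jar in SM_PROXY_CP. Backs the file up to
# FILE.BAK first; running it a second time changes nothing.
add_juli_to_classpath() {
  file=$1
  if has_juli_on_classpath "$file"; then
    return 0
  fi
  cp -p "$file" "$file.BAK"
  sed 's#^\(SM_PROXY_CP=.*/bin/bootstrap\.jar\)#\1:${TOMCAT_HOME}/bin/tomcat-juli.jar#' \
    "$file" > "$file.tmp" && mv "$file.tmp" "$file"
  has_juli_on_classpath "$file"
}

# Version recorded inside catalina.jar (org/apache/catalina/util/
# ServerInfo.properties, key server.number). Needs 'unzip'; bin/version.sh
# reports the same value once the server is running.
tomcat_version() {
  unzip -p "$1" org/apache/catalina/util/ServerInfo.properties \
    | sed -n 's/^server\.number=//p'
}

# Usage after steps 1-7 (AG_INSTALL_DIR and the script name are hypothetical):
#   AG_INSTALL_DIR=/opt/CA sh check_tomcat_patch.sh
if [ -n "${AG_INSTALL_DIR:-}" ]; then
  tc="$AG_INSTALL_DIR/secure-proxy/Tomcat"
  check_files "$tc/lib" "$LIB_JARS"
  check_files "$tc/bin" "$BIN_FILES"
  add_juli_to_classpath "$AG_INSTALL_DIR/secure-proxy/proxy-engine/ProxyServer.sh"
  echo "catalina.jar reports Tomcat $(tomcat_version "$tc/lib/catalina.jar")"
fi
```

Run it between step 7 and step 9: a non-zero exit from check_files means a jar from the KB's list did not arrive, and add_juli_to_classpath leaves ProxyServer.sh.BAK beside the edited file so the change can be reverted together with lib-BAK and bin-BAK in step 10.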
How to Verify The Version of Tomcat on Siteminder Access Gateway
Fixed_in_Apache_Tomcat_9.0.118
Vulnerabilities in Tomcat 9.0.118 and older:
CVE-2026-43515
CVE-2026-43514
CVE-2026-43513
CVE-2026-43512
CVE-2026-42498
CVE-2026-41293
CVE-2026-41284
CVE-2026-34500
CVE-2026-34487
CVE-2026-34486
CVE-2025-34483
CVE-2026-32990
CVE-2026-29146
CVE-2026-29145
CVE-2026-29129
CVE-2026-25854
CVE-2026-24880
CVE-2026-24734
CVE-2026-24733
CVE-2025-66614
CVE-2025-61795
CVE-2025-55754
CVE-2025-48989
CVE-2025-52434
CVE-2025-52520
CVE-2025-53506
CVE-2025-49125
CVE-2025-49124
CVE-2025-48988
CVE-2025-18976
CVE-2025-46701
CVE-2025-31651
CVE-2025-31650
CVE-2028-24813
CVE-2024-56337
CVE-2024-54677
CVE-2024-50379
CVE-2024-52318
CVE-2024-52317
CVE-2024-52316
CVE-2024-34750
CVE-2024-38286
CVE-2024-23672
CVE-2024-24549
CVE-2023-46589
CVE-2023-45648
CVE-2023-44487
CVE-2023-42795
CVE-2023-42794
CVE-2023-41080
CVE-2023-34981
CVE-2023-28709
CVE-2023-28708
CVE-2023-24998