A security scan of CA Output Management Web Viewer 12.1 running with Tomcat 7.0.54 is showing several vulnerabilities.

book

Article ID: 4716

calendar_today

Updated On:

Products

CA Output Management Document Viewer CA Output Management Web Viewer

Issue/Introduction

A security scan of CA Output Management Web Viewer 12.1 running with Tomcat 7.0.54 is showing several vulnerabilities in Tomcat.

Cause

Vulnerabilities have been discovered in Tomcat 7.0.54 that were not previously known.

Environment

Apache Tomcat 7.0.54

Resolution

Upgrade to Apache Tomcat 8.5.4 using RO91790 UPDATE APACHE TOMCAT TO 8.5.4.  If you are not using the Tomcat originally supplied with Web Viewer, do not use this solution, but download your upgrade from the place you originally downloaded Apache Tomcat.


Plus it may be necessary to remove the Tomcat "docs" and "examples" applications.  Here is the recommended method:

  1. Use the Apache Tomcat manager app.
  2. Under applications for the desired application to remove, click "Stop"
  3. Click "Undeploy"

Additional Information

For additional information about downloading and applying RO91790 UPDATE APACHE TOMCAT TO 8.5.4, see TEC1392596 An update to Apache Tomcat 8.5.4 For CA Output Management Web Viewer 12.1 is Available