The Apache Tomcat in CA API Developer Portal v2.6 is exposed to vulnerability CVE-2014-0230. To address this and several other vulnerabilities (see http://tomcat.apache.org/security-6.html), Tomcat is upgraded to the latest 6.0.x version.
The following knowledge base article deals with upgrading the Tomcat version in CA API Developer Portal.
Caused by vulnerability CVE-2014-0230
Denial of Service
When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the size of request body that Tomcat would swallow. This permitted a limited Denial of Service as Tomcat would never close the connection and a processing thread would remain allocated to the connection.
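The behaviour described above as a simplified model, added here as an example and not taken from Tomcat or the portal. `swallow_remaining`, `CHUNK` and the cap values are assumed names and constructed values; the point is what a worker thread does with the unread body when there is no limit and when there is one.

```python
import io

CHUNK = 8192  # bytes requested per read while draining (constructed value)


def swallow_remaining(body, max_swallow=None):
    """Drain the unread part of a request body after the response was sent.

    body        -- file-like object positioned at the unread request body
    max_swallow -- cap in bytes; None models the unlimited behaviour
    Returns (bytes_swallowed, keep_alive).
    """
    swallowed = 0
    while True:
        want = CHUNK
        if max_swallow is not None:
            # Read at most one byte past the cap: enough to learn the body
            # is larger than allowed without draining the rest of it.
            want = min(CHUNK, max_swallow + 1 - swallowed)
        chunk = body.read(want)
        if not chunk:
            # Body fully drained: the connection can serve the next request.
            return swallowed, True
        swallowed += len(chunk)
        if max_swallow is not None and swallowed > max_swallow:
            # Cap exceeded: stop reading and close the connection, which
            # releases the processing thread.
            return swallowed, False


if __name__ == "__main__":
    big = b"x" * (5 * 1024 * 1024)  # constructed 5 MiB unread body
    small = b"x" * 500              # constructed small unread body

    # No limit: the thread stays busy until every byte has been read.
    print("unlimited, 5 MiB body:", swallow_remaining(io.BytesIO(big)))
    # With a limit: the thread gives up just past the cap and closes.
    print("1 KiB cap, 5 MiB body:", swallow_remaining(io.BytesIO(big), 1024))
    # With a limit, small body: drained normally, keep-alive preserved.
    print("1 KiB cap, 500 B body:", swallow_remaining(io.BytesIO(small), 1024))
```

In the model the body arrives instantly; on a real connection the unlimited case lasts as long as the sender keeps the body open, which is why the thread stays allocated.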
Instructions for v2.6 to 3.0 CA API Developer Portal
==================================
1) Check the version of Apache Tomcat in CA API Developer Portal
./server/bin/version.sh
2) Copy the attached upgrade-tomcat and tomcat-6.0.48.tgz to /opt/Deployments/lrs
3) cd /opt/Deployments/lrs
An upgrade of Tomcat to a higher version is planned for a later CR.