A security scan of CA Output Management Web Viewer 12.1 running with Tomcat 7.0.54 is showing several vulnerabilities.

Document ID : KB000004716
Last Modified Date : 14/02/2018
Show Technical Document Details
Issue:

A security scan of CA Output Management Web Viewer 12.1 running with Tomcat 7.0.54 is showing several vulnerabilities in Tomcat.

Environment:
Apache Tomcat 7.0.54
Cause:

Vulnerabilities have been discovered in Tomcat 7.0.54 that were not previously known.

Resolution:

Upgrade to Apache Tomcat 8.5.4 using RO91790 UPDATE APACHE TOMCAT TO 8.5.4.  If you are not using the Tomcat originally supplied with Web Viewer, do not use this solution, but download your upgrade from the place you originally downloaded Apache Tomcat.


Plus it may be necessary to remove the Tomcat "docs" and "examples" applications.  Here is the recommended method:

  1. Use the Apache Tomcat manager app.
  2. Under applications for the desired application to remove, click "Stop"
  3. Click "Undeploy"
Additional Information:

For additional information about downloading and applying RO91790 UPDATE APACHE TOMCAT TO 8.5.4, see TEC1392596 An update to Apache Tomcat 8.5.4 For CA Output Management Web Viewer 12.1 is Available