Apache Tomcat Vulnerabilities identified on DevTest 10.x servers

Document ID : KB000095369
Last Modified Date : 10/05/2018
We currently have DevTest 10.1 on Windows 2012 Servers. The DevTest Servers have been scanned and identified as having two security vulnerabilities.

The vulnerabilities are the following:
#1: QID: 38142
SSL Server Allows Anonymous Authentication Vulnerability (High)
Upgrade to modern, supported version of Apache Tomcat and/or update configuration to disable support for anonymous authentication.

#2: QID: 38628
SSL Server Allows Cleartext Communication Vulnerability (High)
Disable ciphers which support clear text communication
Apache Tomcat:

DevTest 10.x and up
To remediate these Apache Tomcat vulnerabilities, remove the Demoserver folder (if installed), the examples folder and the example_src folder after the installation. This should take care of the vulnerability.
Additional Information:
Tomcat versions with respect to DevTest 10.x: 

DevTest 10.1 : Tomcat 7.0.63 
DevTest 10.2 : Tomcat 8.0.45 
DevTest 10.3 : Tomcat 9.0.1
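
To confirm that a Tomcat connector no longer offers the two cipher classes the scan reported, the following added example (not code from this article or from DevTest) audits a server.xml for anonymous and NULL-encryption cipher suites. It assumes the TLS connectors carry a connector-level ciphers attribute holding a comma-separated list of suite names (OpenSSL-style expressions are not evaluated); the sample XML and the classify/audit helpers are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample for illustration, not taken from a DevTest installation.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
      ciphers="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_NULL_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""

# Anonymous key exchange: JSSE/IANA "_anon_" names, OpenSSL "ADH-"/"AECDH-" names.
ANON = re.compile(r"_anon_|^(ADH|AECDH)-", re.IGNORECASE)
# NULL encryption: the suite authenticates but sends the payload in clear text.
NULL = re.compile(r"_WITH_NULL_|(^|-)NULL-", re.IGNORECASE)


def classify(name):
    """Return the finding classes a cipher suite name falls into."""
    findings = []
    if ANON.search(name):
        findings.append("anonymous")  # assumed to correspond to QID 38142
    if NULL.search(name):
        findings.append("cleartext")  # assumed to correspond to QID 38628
    return findings


def audit(server_xml):
    """Return (port, finding, detail) tuples for every TLS-enabled Connector."""
    results = []
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no cipher list to inspect
        port, ciphers = conn.get("port"), conn.get("ciphers")
        if ciphers is None:
            # No explicit list: the offered suites depend on Tomcat/JVM defaults.
            results.append((port, "no-explicit-list", "review runtime defaults"))
            continue
        for name in (c.strip() for c in ciphers.split(",")):
            for finding in classify(name):
                results.append((port, finding, name))
    return results


if __name__ == "__main__":
    for row in audit(SAMPLE_SERVER_XML):
        print(*row, sep="\t")
```

A connector reported as no-explicit-list is not necessarily vulnerable; it only means the offered suites have to be checked against the defaults of the Tomcat and Java versions in use.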