How to fix multiple Apache Tomcat Vulnerabilities in CA Service Desk Manager (SDM) 14.1?

Document ID : KB000011493
Last Modified Date : 14/02/2018
Question:

How can I fix multiple Apache Tomcat Vulnerabilities in CA Service Desk Manager (SDM) 14.1?

Here is a list of known vulnerabilities with Tomcat 7.0.23:

Apache Tomcat Multiple Vulnerabilities - CVE-2014-0230, CVE-2014-7810, CVE-2014-0075, CVE-2014-0096, CVE-2014-0099, CVE-2014-0119

Apache Tomcat Input Validation Security Bypass Vulnerability - CVE-2014-0227

Apache Tomcat Information Disclosure and Denial of Service Vulnerability - CVE-2013-4590, CVE-2013-4322

Environment:
CA Service Desk Manager 14.1 and 17.0
All Supported Windows Operating Systems
Answer:

Apache Tomcat 7.0.23 ships out of the box with CA Service Desk Manager R14.1. Upgrading to Tomcat version 7.0.59 addresses the vulnerabilities found in Apache Tomcat releases earlier than 7.0.59.

Below is the link to upgrade Tomcat for CA Service Desk to Version 7.0.59 to mitigate the vulnerabilities listed above:

https://docops.ca.com/ca-service-management/14-1/en/implementing/implementing-ca-service-management-14-1/step-4-install-or-upgrade/implementing-ca-service-desk-manager/how-to-install-ca-sdm/step-3-install-other-components/install-and-configure-apache-tomcat-7-0-59

NOTE: The above instructions can be used to upgrade Tomcat to any Tomcat 7.0.x release.
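
To confirm the result of the upgrade, the following added example (not CA's or Apache's code) parses the output of Tomcat's `version.bat` and flags any build older than 7.0.59. The sample output is constructed, and `$TomcatHome` is a placeholder for the Tomcat directory used by your SDM installation.

```powershell
# Added example. Parses `version.bat` / ServerInfo output and compares it
# numerically against 7.0.59, the fix level this article names.
$FixedVersion = [version]'7.0.59'

function Get-TomcatVersion {
    param([string[]]$ServerInfoOutput)
    # Prefer "Server number:  7.0.23.0"; fall back to
    # "Server version: Apache Tomcat/7.0.23".
    $patterns = '^\s*Server number:\s+(\d+\.\d+\.\d+)',
                '^\s*Server version:\s+Apache Tomcat/(\d+\.\d+\.\d+)'
    foreach ($pattern in $patterns) {
        foreach ($line in $ServerInfoOutput) {
            if ($line -match $pattern) { return [version]$Matches[1] }
        }
    }
    return $null
}

function Test-TomcatNeedsUpgrade {
    param([string[]]$ServerInfoOutput)
    $found = Get-TomcatVersion -ServerInfoOutput $ServerInfoOutput
    if ($null -eq $found) { throw 'No Tomcat version line found in the supplied output.' }
    [pscustomobject]@{
        Version      = $found.ToString()
        NeedsUpgrade = ($found -lt $FixedVersion)   # [version] compare, not string compare
    }
}

# Constructed sample output (build dates omitted); not captured from a real server.
$samples = @{
    'shipped with SDM 14.1' = @('Server version: Apache Tomcat/7.0.23', 'Server number:  7.0.23.0')
    'after upgrade'         = @('Server version: Apache Tomcat/7.0.59', 'Server number:  7.0.59.0')
    'version line only'     = @('Server version: Apache Tomcat/7.0.8')
}
foreach ($name in $samples.Keys) {
    $result = Test-TomcatNeedsUpgrade -ServerInfoOutput $samples[$name]
    '{0,-22} {1,-8} NeedsUpgrade={2}' -f $name, $result.Version, $result.NeedsUpgrade
}
# As strings, '7.0.8' -lt '7.0.59' is False; as [version], 7.0.8 is correctly older.

# Live check (assumption: $TomcatHome is a placeholder for your Tomcat directory,
# and JAVA_HOME or JRE_HOME is set so version.bat can run):
# Test-TomcatNeedsUpgrade -ServerInfoOutput (& "$TomcatHome\bin\version.bat")
```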