Service Catalog 12.9.02 vulnerability - Apache Tomcat

Document ID : KB000098049
Last Modified Date : 25/05/2018
Show Technical Document Details
There are vulnerabilities associated with the version of Apache Tomcat which ships with Service Catalog 12.9. Can we upgrade Tomcat, what version can we upgrade to and how do we perform the upgrade?
The version of Apache Tomcat used by Service Catalog 12.9 can safely be upgraded to version 7.0.82. Steps to do this are as follows:

1) Download Apache-Tomcat-7.0.82: for 32 bit for 64 bit

2) Stop the catalog service

3) Upgrade Tomcat using ant upgrade-tomcat command from the CA Service Catalog command prompt.

C:\Program Files\CA\Service Catalog>ant upgrade-tomcat
Buildfile: build.xml
[mkdir] Created dir: C:\Program Files\CA\Service Catalog\conf-backup\20180302-0528
[echo] Maintenance started: Friday March 02, 2018 05:28:04 AM EST by Administrator
[echo] Please shutdown all related services before continuing
[input] Press Return key to continue...
[input] Location of new tomcat zip:
[input] What is the version of the new Apache Tomcat (e.g. 6.0.38):
[input] Are you sure you want to upgrade tomcat to 7.0.82? (y, n)
[unzip] Expanding: C:\ into C:\Users\ADMINI~1\AppData\Local\Temp\2\tomca
[mkdir] Created dir: C:\Program Files\CA\Service Catalog\embedded\tomcat-20180302-0528
[echo] Copying the current tomcat to C:\Program Files\CA\Service Catalog/embedded/tomcat-201803
[copy] Copying 653 files to C:\Program Files\CA\Service Catalog\embedded\tomcat-20180302-0528
[copy] Copied 113 empty directories to 2 empty directories under C:\Program Files\CA\Service Ca
[echo] Copied the current tomcat to C:\Program Files\CA\Service Catalog/embedded/tomcat-2018030
[copy] Copying 633 files to C:\Program Files\CA\Service Catalog\embedded\tomcat
[echo] Apache Tomcat 7.0.82 has been successfully installed.
Total time: 13 minutes 9 seconds

Once this is complete, restart the Service Catalog service and the upgrade to the new version of Tomcat will be complete.