Articles in this section

Apache Tomcat Vulnerabilities

Avatar
Camille Hansen
  • Updated
Follow

Summary

The Adaptiva Server component includes open-source Apache Tomcat, which provides web services for the Adaptiva Workbench communications. Adaptiva strives to include the latest versions of open-source software when we release our latest builds. Open-source software changes that include improvements or vulnerability resolution of detected issues may occur between Adaptiva build releases.

If your Security team reports that Apache Tomcat on the Adaptiva Server has a vulnerability, see the solutions below.

Solution

Check your Adaptiva Server Version

  1. Navigate to the Adaptiva Support Portal Product Releases page, and then select the Adaptiva Cumulative Release Notes link. The currently released Adaptiva version appears on this page.

  2. Determine which version of the Adaptiva Server you are using by logging into the Adaptiva OneSite Admin Portal, and then select 3412_spr.png > Settings > About Adaptiva Server.

  3. If using the latest version, skip to the Alternative Solution or wait for the next release.

    Note

    The latest version of Tomcat included with the latest release also appears in the Cumulative Release Notes. If this Adaptiva OneSite Platform version does not meet the requirements provided by the security team, continue to the Alternate Solution.

Alternative Solution

Important

If you reinstall or upgrade any of the products after completing the following steps, repeat the instructions below to reapply the latest version of Tomcat.

Download and Rename the Vendor Files

  1. Navigate to the Apache Tomcat® - Apache Tomcat 9 Software Downloads page to download the latest version of Apache Tomcat. Make sure to download the 64-bit Windows version.

  2. Save the zip file to the Downloads folder, and then extract (unzip) the files to a folder in that location.

  3. Create a temporary folder on the Adaptiva Server, and then copy the following folders and files from the download location to the new folder:

    • Conf

    • Lib

    • CONTRIBUTING.md

    • LICENSE

    • NOTICE

    • README.md

    • RELEASE-NOTES

  4. In the temporary folder, locate the Conf\server.xml file, and then delete it.

Update Tomcat

  1. Stop the AdaptivaServer service.

  2. Navigate to the following server install directory path:

    %AdaptivaServer%

  3. Make a backup copy of the Tomcat folder.

  4. Copy the contents of the temporary folder to the following folder:

    %AdaptivaServer%\tomcat

  5. Select Yes to accept the overwrite, and then start the AdaptivaServer service.

  6. Repeat the preceding steps to copy the folders and files to the Adaptiva Client and Adaptiva Workbench.

Verify the Apache Tomcat Version on the Adaptiva Server

To verify the Adaptiva Server Apache Tomcat version update, open a command prompt window on the Adaptiva Server, and then enter the following command on one line:

"%AdaptivaServer%\jre\bin\java.exe" -cp "%AdaptivaServer%\tomcat\lib\catalina.jar" org.apache.catalina.util.ServerInfo

This returns the Apache Server version details, similar to the example screen output below. This example shows the correct screen output for the new version.

Server version: Apache Tomcat/[version]

Server built: Aug 23 2023 21:59:38 UTC

Server number: [version]

OS Name: Windows Server 2022

OS Version: 10.0

Architecture: amd64

JVM Version: [version]

JVM Vendor: Amazon.com Inc.

Note

After making these changes, you may see an older version of Apache Tomcat in the Catalina.yyyy-mm-dd.log file located in the following file path:

%AdaptivaServer%\tomcat\logs

This is a bug in the Apache logging routine that Adaptiva reported to Apache.

Related articles

Comments

0 comments

Please sign in to leave a comment.