Apache Tomcat - Chasing Vulnerabilities

Question

Greetings,Does anyone know if we can patch Apache Tomcat outside of the "whenever we release it" bundle from Veritas? There's way too many times when there's an update to tomcat that resolves a discovered vulnerability and yes, I did ask on a support call a long while back, that we can't update it outside of the typical scheduled nbuita patch release bundles.
Is this being researched or worked so tomcat can be patched outside of the nubita patch bundle?

robert_geller · Accepted Answer

The short answer is No.
In the past, if there is an actual exploitable vulnerability that is critical, we have made tomcat available to manually download/switch vs waiting for an upgrade, but its not the normal process.&nbsp; There is a lot of times scanners (success as Nesus/Qualys) will flag binaries, but this doesnt mean they are exploitable in our version deployed with ITA.&nbsp;&nbsp;
&nbsp;

Forum Discussion

Apache Tomcat - Chasing Vulnerabilities

1 Reply

Related Content

Data Insight - CVE-2022-42889 vulnerability in Apache Commons Text, dubbed "Text4Shell"

CVE-2023-38545/6 security vulnerability.

Apache Log4j 1.x Multiple Vulnerabilities

CPU vulnerability Meltdown

OpenSSL vulnerability <Security>