Forum Discussion

robertoaxity's avatar
robertoaxity
Moderator
2 years ago

Netbackup 8.1 tomcat security vulnerabilities

Hello,

Would you be so kind to help me please, I have a 5240 appliance with netbackup version 8.1 which in an analysis threw a security problem which are these:

Apache tomcat 8.0.0 < 8.0.53 security constraint weakness
Apache tomcat SEoL (8.0.x)
Apache tomcat 8.0.0 < 8.0.52/8.0x < 8.5.31/9.0.x<9.0.8 Denial Service
Apache tomcat 8.0.0RC1<8.0.47 multiple vulnerabilities
Apache tomcat default files

Do you know if there is any ebb or package to install to solve this problem?

Thank you very much

    • robertoaxity's avatar
      robertoaxity
      Moderator

      I am installing appliance version 4.0 which is netbackup 9.0 to see if this will solve the tomcat problem.

  • robertoaxity If you're not able to immediately upgrade to a supported level where these issues are resolved, in the interim you could login to the Download Center and download some of the fixes there.

    Example screenshot, showing a search for the partial word "vulnerabilit":

    Afterwards, suggest updating your firmware (per UPD692288) and then upgrading the Appliance OS to supported levels. Hope that helps!

     

    • robertoaxity's avatar
      robertoaxity
      Moderator

      I installed it but the security software still shows the tomcat vulnerability.

      • davidmoline's avatar
        davidmoline
        Level 6

        Hi robertoaxity 

        Have you installed the various hot fixes from the 4.0 appliance release and the latest maintenance release?

        Finally, if you are still concerned, open a support case for advice on the security alert, sometimes these alerts are generic in nature and do not take account of the way that the particular system is using the software (not saying that it isn't a problem., just that it might not be). 

        Cheers
        David

  • After installing appliance OS version 4.0 and running the vulnerability scan again, it was successful and no longer shows tomcat problems.

    Thank you all very much.