cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

Update Apache Tomcat in Backup Exec Web Retriever

paul_henry7
Level 2

‎08-18-2010 10:21 AM


We have Backup Exec 12.5 for Windows Servers with Continuous Protection. A function called Web Retriever uses Apache Tomcat 5.5.7. Unfortunately, I work in a government facility and that version of Tomcat has been flagged with an IAVA (information assurance vulnerability alert) and therefore I need to patch it, create a workaround with the vulnerability, or stop using the application. I'm trying to figure out if there is a way to upgrade that installation of Tomcat to 5.5.30. Does anyone know if its possible to do this? I've also read that sometimes the scan creates a false positive with vendor specific backports of Tomcat, though I'm not sure if that's the case here. The IAVA# is 2010-B-0052 if anyone wants to research it.

Thanks
0 Kudos
4 REPLIES 4

teiva-boy
Level 6

‎08-18-2010 10:31 AM

You have a couple of choices that may or may not help...

1.  Run LiveUpdate to update/patch those products BE/CPS and see if the Tomcat version is upgraded.  Odds are it isn't addressed.
2.  Upgrade to BE2010 R2, which has a new version of CPS, which should I would think have a new version of TomCat.
3.  With support's blessing or some sort of snapshot backup you can revert to...  Upgrade it yourself, and see if CPS still functions.  


0 Kudos

paul_henry7
Level 2

‎08-18-2010 10:43 AM


Are you aware of where Tomcat is installed and how one would go about updating it manually?
0 Kudos

teiva-boy
Level 6

‎08-18-2010 10:58 AM

Like many Symantec products, TomCat may be running on top of IIS.  It's been a while since I used CPS, I just dont in most cases. unless there is a specific client request for it.  

Thus, I would look in IIS to see where the site is located, and start there when you find out the file directory it resides in.  
0 Kudos

Ben_L_
Level 6
Employee

‎08-19-2010 06:22 AM

Paul,

We currently don't have an upgrade path for TomCat in CPS at this time.  I did send off the information about this vulnerability a few of our guys here to see what can be done about it in 12.5.  You may want to look into upgrading to CPS 2010, in the latest version of CPS TomCat is no longer used.
0 Kudos