We have Backup Exec 12.5 for Windows Servers with Continuous Protection. A function called Web Retriever uses Apache Tomcat 5.5.7. Unfortunately, I work in a government facility and that version of Tomcat has been flagged with an IAVA (information assurance vulnerability alert) and therefore I need to patch it, create a workaround with the vulnerability, or stop using the application. I'm trying to figure out if there is a way to upgrade that installation of Tomcat to 5.5.30. Does anyone know if its possible to do this? I've also read that sometimes the scan creates a false positive with vendor specific backports of Tomcat, though I'm not sure if that's the case here. The IAVA# is 2010-B-0052 if anyone wants to research it.
Thanks