07-11-2023 01:53 PM
Hello,
Would you be so kind to help me please, I have a 5240 appliance with netbackup version 8.1 which in an analysis threw a security problem which are these:
Apache tomcat 8.0.0 < 8.0.53 security constraint weakness
Apache tomcat SEoL (8.0.x)
Apache tomcat 8.0.0 < 8.0.52/8.0x < 8.5.31/9.0.x<9.0.8 Denial Service
Apache tomcat 8.0.0RC1<8.0.47 multiple vulnerabilities
Apache tomcat default files
Do you know if there is any ebb or package to install to solve this problem?
Thank you very much
07-12-2023 10:03 PM
@robertoaxity Why not upgrade to 10.0 (NBA 5.0) or higher ?
All tomcat vulnerabilities are addressed in NBA 5.0
07-15-2023 06:55 AM
@robertoaxity If you're not able to immediately upgrade to a supported level where these issues are resolved, in the interim you could login to the Download Center and download some of the fixes there.
Example screenshot, showing a search for the partial word "vulnerabilit":
Afterwards, suggest updating your firmware (per UPD692288) and then upgrading the Appliance OS to supported levels. Hope that helps!
07-17-2023 08:20 AM
I am installing appliance version 4.0 which is netbackup 9.0 to see if this will solve the tomcat problem.
07-17-2023 08:20 AM
I installed it but the security software still shows the tomcat vulnerability.
07-17-2023 03:10 PM
Have you installed the various hot fixes from the 4.0 appliance release and the latest maintenance release?
Finally, if you are still concerned, open a support case for advice on the security alert, sometimes these alerts are generic in nature and do not take account of the way that the particular system is using the software (not saying that it isn't a problem., just that it might not be).
Cheers
David
07-19-2023 06:42 PM
After installing appliance OS version 4.0 and running the vulnerability scan again, it was successful and no longer shows tomcat problems.
Thank you all very much.