
Netbackup 8.1 tomcat security vulnerabilities

robertoaxity
Moderator

Hello,

Would you be so kind as to help me, please? I have a 5240 appliance with NetBackup version 8.1, which in an analysis threw the following security problems:

Apache Tomcat 8.0.0 < 8.0.53 security constraint weakness
Apache Tomcat SEoL (8.0.x)
Apache Tomcat 8.0.0 < 8.0.52 / 8.0x < 8.5.31 / 9.0.x < 9.0.8 Denial of Service
Apache Tomcat 8.0.0RC1 < 8.0.47 multiple vulnerabilities
Apache Tomcat default files

Do you know if there is any EEB or package to install to solve this problem?

Thank you very much

6 REPLIES

sanket_pathak1
Level 4

@robertoaxity Why not upgrade to 10.0 (NBA 5.0) or higher?

All Tomcat vulnerabilities are addressed in NBA 5.0.

VerJD
Level 4
Employee

@robertoaxity If you're not able to immediately upgrade to a supported level where these issues are resolved, in the interim you could log in to the Download Center and download some of the fixes there.

Example screenshot, showing a search for the partial word "vulnerabilit":

[Screenshot: VerJD_0-1689428930198.png]

Afterwards, suggest updating your firmware (per UPD692288) and then upgrading the Appliance OS to supported levels. Hope that helps!

JD | Veritas NetBackup Support

robertoaxity
Moderator

I am installing appliance version 4.0, which is NetBackup 9.0, to see if this will solve the Tomcat problem.

robertoaxity
Moderator

I installed it, but the security software still shows the Tomcat vulnerability.

Hi @robertoaxity

Have you installed the various hot fixes from the 4.0 appliance release and the latest maintenance release?

Finally, if you are still concerned, open a support case for advice on the security alert. Sometimes these alerts are generic in nature and do not take account of the way that the particular system is using the software (not saying that it isn't a problem, just that it might not be).

Cheers
David
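
Added example, not part of any reply in this thread: a sketch of the version comparison that finding titles of the form "X < Y", like those listed in the question, rest on, which helps predict what a rescan will report after an upgrade. The banner strings and webapp directory names are constructed samples, and reading "8.0x < 8.5.31" as the 8.5.x branch is an assumption.

```python
import re

# Version ranges (first_affected, first_fixed) implied by the finding titles in
# the question. "8.0x < 8.5.31" is read as the 8.5.x branch (assumption).
RANGES = {
    "security constraint weakness": [((8, 0, 0), (8, 0, 53))],
    "denial of service": [((8, 0, 0), (8, 0, 52)), ((8, 5, 0), (8, 5, 31)),
                          ((9, 0, 0), (9, 0, 8))],
    "multiple vulnerabilities": [((8, 0, 0), (8, 0, 47))],
}
SEOL_BRANCH = (8, 0)                    # "SEoL (8.0.x)": the whole branch is flagged
DEFAULT_WEBAPPS = {"docs", "examples"}  # sample apps shipped with Tomcat


def parse_version(banner):
    """Extract (major, minor, patch) from a banner such as 'Apache Tomcat/8.0.47'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError(f"no x.y.z version in {banner!r}")
    return tuple(int(part) for part in m.groups())


def version_findings(banner):
    """Findings a pure version comparison raises, whatever the configuration."""
    v = parse_version(banner)
    hits = [name for name, spans in RANGES.items()
            if any(lo <= v < fixed for lo, fixed in spans)]
    if v[:2] == SEOL_BRANCH:
        hits.append("SEoL")
    return hits


def default_files(webapp_dirs):
    """Default content is a file-presence finding: upgrading alone may not clear it."""
    return sorted(DEFAULT_WEBAPPS & set(webapp_dirs))


if __name__ == "__main__":
    # Constructed samples, not taken from any real appliance.
    for banner in ("Apache Tomcat/8.0.47", "Apache Tomcat/8.5.20", "Apache Tomcat/9.0.31"):
        print(banner, "->", version_findings(banner) or "no version-based findings")
    print("default files:", default_files(["ROOT", "docs", "examples", "netbackup"]))
```

Any 8.0.x banner still returns the SEoL finding regardless of patch level, so only a move off the 8.0 branch clears every version-based item in the list.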

robertoaxity
Moderator

After installing appliance OS version 4.0 and running the vulnerability scan again, it was successful and no longer shows Tomcat problems.

Thank you all very much.