02-25-2013 04:05 AM
We are running OpsCenter Server 7.1.0.2 on Windows Server 2008 R2 with Apache Tomcat 6.0.32 which is reported for followoing vulnerabilities:
Apache Tomcat 6.0.35 can override the Hash Collision Denial of Service vulnerability “CVE-2011-4858”. OpsCenter 7.5 is upgraded with Apache Tomcat 6.0.33 so we need to know
Which patch of OpsCenter Server 7.5 can upgrade Apache Tomcat to 6.0.35 or higher?
To which version Apache Tomcat is upgraded with OpsCenter Server 7.5.0.4?
Can we separtely download Apache Tomcat latest version and upgrade it only without upgrading or patching OpsCenter Server?
Thanks in anticipation.
Solved! Go to Solution.
02-25-2013 11:33 AM
I've answered this before...
https://www-secure.symantec.com/connect/forums/cve-research
...but here's an updated answer for 7.5.0.5 and your newer CVE report!
tomcat 6.0.35 is used in OpsCenter 7.1.0.4 (page 64 of the 7.1.0.4 Release Notes)
tomcat 6.0.35 is also used from OpsCenter 7.5.0.1 (page 58 of the 7.5.0.1 Release Notes)
tomcat 6.0.36 is used in OpsCenter 7.5.0.5 (page 68 of the 7.5.0.5 Release Notes)
If you require tomcat 6.0.36, you should upgrade your OpsCenter Server to 7.5.0.5 as soon as you can. (You do not necessarily need to upgrade NetBackup at the same time - OpsCenter should always be upgraded first.)
02-25-2013 11:33 AM
I've answered this before...
https://www-secure.symantec.com/connect/forums/cve-research
...but here's an updated answer for 7.5.0.5 and your newer CVE report!
tomcat 6.0.35 is used in OpsCenter 7.1.0.4 (page 64 of the 7.1.0.4 Release Notes)
tomcat 6.0.35 is also used from OpsCenter 7.5.0.1 (page 58 of the 7.5.0.1 Release Notes)
tomcat 6.0.36 is used in OpsCenter 7.5.0.5 (page 68 of the 7.5.0.5 Release Notes)
If you require tomcat 6.0.36, you should upgrade your OpsCenter Server to 7.5.0.5 as soon as you can. (You do not necessarily need to upgrade NetBackup at the same time - OpsCenter should always be upgraded first.)