cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Veritas.com
Support

OpsCenter Server 7.5.0.4 tomcat version

Go to solution
AB_Chaudhry
Level 4
Partner

‎02-25-2013 04:05 AM

We are running OpsCenter Server 7.1.0.2 on Windows Server 2008 R2 with Apache Tomcat 6.0.32 which is reported for followoing vulnerabilities:

CVE-2012-5568

CVE-2011-4858

Apache Tomcat 6.0.35 can override the Hash Collision Denial of Service vulnerability “CVE-2011-4858”. OpsCenter 7.5 is upgraded with Apache Tomcat 6.0.33 so we need to know 

Which patch of OpsCenter Server 7.5 can upgrade Apache Tomcat to 6.0.35 or higher?

To which version Apache Tomcat is upgraded with OpsCenter Server 7.5.0.4?

Can we separtely download Apache Tomcat latest version and upgrade it only without upgrading or patching OpsCenter Server?

Thanks in anticipation.

 

1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
CRZ
Level 6
Employee Accredited Certified

‎02-25-2013 11:33 AM

I've answered this before...
 https://www-secure.symantec.com/connect/forums/cve-research

...but here's an updated answer for 7.5.0.5 and your newer CVE report!

tomcat 6.0.35 is used in OpsCenter 7.1.0.4 (page 64 of the 7.1.0.4 Release Notes)

tomcat 6.0.35 is also used from OpsCenter 7.5.0.1 (page 58 of the 7.5.0.1 Release Notes)

tomcat 6.0.36 is used in OpsCenter 7.5.0.5 (page 68 of the 7.5.0.5 Release Notes)

If you require tomcat 6.0.36, you should upgrade your OpsCenter Server to 7.5.0.5 as soon as you can.  (You do not necessarily need to upgrade NetBackup at the same time - OpsCenter should always be upgraded first.)

NetBackup 7.1.0.4 Release Notes
 http://symantec.com/docs/DOC5201

NetBackup 7.5.0.1 Release Notes
 http://symantec.com/docs/DOC5514

NetBackup 7.5.0.5 Release Notes
 http://symantec.com/docs/DOC6038

View solution in original post

0 Kudos
1 REPLY 1

Go to solution
CRZ
Level 6
Employee Accredited Certified

‎02-25-2013 11:33 AM

I've answered this before...
 https://www-secure.symantec.com/connect/forums/cve-research

...but here's an updated answer for 7.5.0.5 and your newer CVE report!

tomcat 6.0.35 is used in OpsCenter 7.1.0.4 (page 64 of the 7.1.0.4 Release Notes)

tomcat 6.0.35 is also used from OpsCenter 7.5.0.1 (page 58 of the 7.5.0.1 Release Notes)

tomcat 6.0.36 is used in OpsCenter 7.5.0.5 (page 68 of the 7.5.0.5 Release Notes)

If you require tomcat 6.0.36, you should upgrade your OpsCenter Server to 7.5.0.5 as soon as you can.  (You do not necessarily need to upgrade NetBackup at the same time - OpsCenter should always be upgraded first.)

NetBackup 7.1.0.4 Release Notes
 http://symantec.com/docs/DOC5201

NetBackup 7.5.0.1 Release Notes
 http://symantec.com/docs/DOC5514

NetBackup 7.5.0.5 Release Notes
 http://symantec.com/docs/DOC6038

0 Kudos