Outdated version of Apache Tomcat - Ubuntu 20.04

bturnbough81 · November 10, 2022, 4:13pm

Running Ubuntu20.04. Pretty vanilla install.

XWiki was installed with the following command:

apt-get install xwiki-common xwiki-mysql-common xwiki-tomcat9-mysql xwiki-solr-core xwiki-solr-events xwiki-solr-ratings xwiki-tomcat9-common mysql-server tomcat9 net-tools

Per nessus, we have an vulnerable version of Tomcat.

How do we address this?

Apache Tomcat 9.0.0.M1 < 9.0.36 DoS

Questions I have:

How do i get the current version of tomcat on this platform?
How do I ‘upgrade’ to a newer, nonvulnerable version?

Wardenburg · November 11, 2022, 8:35am

To get the current version of your tomcat under linux you can run

sudo find / -name "version.sh"

output: /usr/share/tomcat9/bin/version.sh

sh /usr/share/tomcat9/bin/version.sh

So just add sh to whatever file it finds and you’ll get the current version.

Updating tomcat the usual way should suffice (I’m doing it through webmin myself, I don’t think xwiki cares much what application server hosts it) → there surely are more experienced admins roaming these halls though

tmortagne · November 14, 2022, 10:17am

Note that tomcat9 is just a dependency of XWiki and not something provided by the XWiki package, so this is purely an Ubuntu subject.

According to Ubuntu – Package Search Results -- tomcat9 the current version of Tomcat provided on Ubuntu 20.04 is 9.0.31.