Running Ubuntu 20.04. Pretty vanilla install.
XWiki was installed with the following command:
apt-get install xwiki-common xwiki-mysql-common xwiki-tomcat9-mysql xwiki-solr-core xwiki-solr-events xwiki-solr-ratings xwiki-tomcat9-common mysql-server tomcat9 net-tools
Per Nessus, we have a vulnerable version of Tomcat.
How do we address this?
Apache Tomcat 9.0.0.M1 < 9.0.36 DoS
Questions I have:
- How do I get the current version of Tomcat on this platform?
- How do I ‘upgrade’ to a newer, nonvulnerable version?
To get the current version of your tomcat under linux you can run
sudo find / -name "version.sh"
output: /usr/share/tomcat9/bin/version.sh
sh /usr/share/tomcat9/bin/version.sh
So just add sh to whatever file it finds and you’ll get the current version.
Updating tomcat the usual way should suffice (I’m doing it through webmin myself, I don’t think xwiki cares much what application server hosts it) → there surely are more experienced admins roaming these halls though
Note that tomcat9 is just a dependency of XWiki and not something provided by the XWiki package, so this is purely an Ubuntu subject.
According to Ubuntu – Package Search Results -- tomcat9 the current version of Tomcat provided on Ubuntu 20.04 is 9.0.31.
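As an added example (not from any poster in this thread), the script below parses the "Server number" line that version.sh prints and tests it against the range in the Nessus finding title quoted above. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `sh /usr/share/tomcat9/bin/version.sh` output.
SAMPLE_OUTPUT='Server version: Apache Tomcat/9.0.31 (Ubuntu)
Server number:  9.0.31.0
OS Name:        Linux'

# tomcat_version: read version.sh output on stdin, print the dotted number.
tomcat_version() {
    sed -n 's/^Server number:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# ver_lt A B: succeed when dotted numeric version A sorts before B.
# Missing trailing components count as 0, so 9.0.36 equals 9.0.36.0.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -lt "$y" ]; then return 0; fi
        if [ "$x" -gt "$y" ]; then return 1; fi
    done
    return 1
}

# is_flagged VER: succeed when 9.0.0 <= VER < 9.0.36, the range in the
# finding title "Apache Tomcat 9.0.0.M1 < 9.0.36 DoS".
is_flagged() {
    if ver_lt "$1" 9.0.0; then return 1; fi
    ver_lt "$1" 9.0.36
}

# On a real host, replace the printf with:
#   sh /usr/share/tomcat9/bin/version.sh | tomcat_version
v=$(printf '%s\n' "$SAMPLE_OUTPUT" | tomcat_version)
if is_flagged "$v"; then
    echo "$v is inside the flagged range (below 9.0.36)"
else
    echo "$v is outside the flagged range"
fi
```

The comparison looks only at the upstream version number. Ubuntu security updates can backport fixes without changing that number, so check the package changelog or Ubuntu's security notices before treating the result as final.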