Nitin,
Upgrading the Tomcat version will not remediate those specific findings
(they aren't Tomcat version related, but they are related to how the
installation was configured/installed) . Newer versions contain numerous
fixes, including a number of security fixes, that really should be applied
to
Then the organisation either needs to get in someone to replace the missing
employee, train up a person, or stop using that application.
What happens if the server crashes? If there is a bug? You need to update
certificates?
What happens if you had a security incident? The sever gets hacks and an
Thank you Robert for your reply.
If we upgrade the tomcat version from the current 8.5.38 to 8.5.61 will
this remediate the findings or still we need to delete these files as
suggested.
Also, is this upgrade is straightforward, or do we need to perform the same
with any specific steps, Please sug
Hi Darryl - The person who builds this is no more with the organization and
in his absence, I have been asked to handle this, I am from a windows
administrator background.
We only have couple of web apps hosted so no frequent changes happened.
There
On Thu, Jan 21, 2021 at 8:49 PM Darryl Lewis
On Thu, Jan 21, 2021 at 7:19 AM Nitin Kadam wrote:
> Hi Team,
>
> The internal security team reported below as Security findings. We do not
> have anyone from a Tomcat background and for same we need to know the best
> steps to resolve this issue.
I am thinking you might need to adjust your expec
How do you run and support a server technology you know nothing about?
Someone must have built it, installed it, and support it.
On 22/1/21, 1:25 am, "Nitin Kadam" wrote:
Hi Team,
The internal security team reported below as Security findings. We do not
have anyone from a Tomcat ba
Nitin,
On 1/21/21 09:17, Nitin Kadam wrote:
The internal security team reported below as Security findings. We do not
have anyone from a Tomcat background and for same we need to know the best
steps to resolve this issue.
"Delete the default index page and remove the example JSP and servlets.
F
Have a look at https://tomcat.apache.org/tomcat-8.5-doc/security-howto.html
. The documentation includes the recommendations made by your internal
security team, along with others.
You may also want to upgrade to 8.5.61 or 9.0.41 to pick up the latest
security updates for Tomcat. (latest versions
Hi Team,
The internal security team reported below as Security findings. We do not
have anyone from a Tomcat background and for same we need to know the best
steps to resolve this issue.
"Delete the default index page and remove the example JSP and servlets.
Follow the Tomcat or OWASP instruction