+2Hello Team,
The project I am currently working in, has got some vulnerabilities with installed Apache Tomcat into the JSS server
The Apache Tomcat needs to be upgraded. Could you please guide with the instruction process of upgrading the Apache?
Thanks,
Abhik
+6Hi @abbiksaha_18, I think you might be better served posting your question at https://serverfault.com/. They are more focused on server issues there.
+25@abbiksaha_18 Was your JSS manually installed? If you're using the Jamf Pro installer it will update the Tomcat install along with the JSS, so installing the latest JSS release is probably easier than updating just the Tomcat install on your server.
+4If you have installed JSS manually then you can check with your server support teams / communities for upgrade path and methods. However all Jamf installers will provide you with updated apache setup as well and running these installers will upgrade your Tomcat to latest version as well.
However regarding your issue of vulnerabilities, there are many ways you can remediate the same without upgrading ( obviously it depends on the nature and severity of the vulnerability and controls available e.g. in case of weak ciphers you can simply replace the cipher supported by apache in web.config or in case of configuration pages / JAMF swagger UI related vulnerabilities- you might want to go with content level restrictions in apache rather than simply upgrading it and so on)
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
