SAP Knowledge Base Article - Preview

1259851 - Vulnerability issue with Apache Tomcat


We've identified some vulnerability issues with Apache Tomcat, which is part of the installed components of Business Objects XI.

The following are the details:

Vuln ID: 6078 Apache Tomcat HTTP Server Directory Traversal
Vuln ID: 5168 Apache Tomcat Documentation Multiple XSS
Vuln ID: 5263 Apache Tomcat JCP Example Web Application XSS
Vuln ID: 4100 Apache Tomcat servlet default files installed

There are recommendations such as "Remove the 'server-info' file from the HTTP document root, or restrict access to the page to authorized IP address. The recommend removing default files from the Apache Tomcat web server" and "Software patches or temporary workarounds address security vulnerabilities which allow malicious users to subvert security controls".

Or simply: Apache Tomcat 5.0.27, or which version should we upgrade to in order to fix the vulnerabilities, and which default files should we remove?



SAP BusinessObjects Business Intelligence platform R2


Tomcat 5.0.27, Tomcat 5.5.XIR1 SP1, KBA, BI-BIP-DEP, Webapp Deployment, Networking, Vulnerabilities, Webservices, How To
