Tomcat fails our security scan
Issue
- We ran a security scan and it says we need to upgrade Tomcat to acquire vulnerability fixes. Is this true?
- The Tomcat version is old.
- Why does Red Hat stick to an old Tomcat version when newer, security-improved versions are available?
- The server is running Apache Tomcat and is prone to multiple vulnerabilities.
Environment
- Red Hat Enterprise Linux (RHEL)
- JBoss Enterprise Web Server (EWS)
- tomcat-6.0.24
- tomcat-5.5.23
- tomcat-7.0.54