  1. Crowd Data Center
  2. CWD-6187

Upgrade Tomcat to fix CVE-2023-46589


Details

    Description

      Issue Summary

      This is reproducible on Data Center: 

      Apache Tomcat should be upgraded to 8.5.96 or later, or to 9.0.83 or later, to fix CVE-2023-46589.

      Environment

      • Crowd 5.2.x
      • Crowd 5.2.x comes with Apache Tomcat 9.0.82 (which is affected by the CVE)

      Steps to Reproduce

      • Check the Apache Tomcat version 

      Expected Results

      • Crowd 5.2.x: Apache Tomcat version 9.0.83 and later

      Actual Results

      • Apache Tomcat version 9.0.82 and earlier
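
One way to carry out the version check from the steps above, as an added example (not Atlassian's code): it classifies a Tomcat version against the fixed releases this issue names. The function names are hypothetical, the ServerInfo sample is constructed, and the `apache-tomcat` path in the usage comment is an assumption about the Crowd install layout.

```shell
#!/bin/sh
# Classify a Tomcat version against the fixed releases named in this issue:
# 8.5.96 or later on the 8.5 line, 9.0.83 or later on the 9.0 line.
# Other release lines print "unknown" because the issue does not cover them.

# server_number: read ServerInfo output on stdin, print the "Server number" value.
server_number() {
    sed -n 's/^Server number:[[:space:]]*//p'
}

# tomcat_status VERSION: print fixed | affected | unknown (hypothetical helper).
tomcat_status() {
    # Keep the first three numeric fields; ServerInfo reports four (9.0.82.0).
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2 \3/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    set -- $ver
    major=$1
    minor=$2
    patch=$3
    case "$major.$minor" in
        8.5) fixed=96 ;;
        9.0) fixed=83 ;;
        *)   echo unknown; return 0 ;;
    esac
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo affected; fi
}

# Constructed sample of ServerInfo output for the version this issue reports.
SAMPLE_SERVERINFO='Server version: Apache Tomcat/9.0.82
Server number:  9.0.82.0'

# On a real install (path is an assumption about the Crowd layout):
#   java -cp "$CROWD_INSTALL/apache-tomcat/lib/catalina.jar" \
#       org.apache.catalina.util.ServerInfo | server_number
sample_version=$(printf '%s\n' "$SAMPLE_SERVERINFO" | server_number)
echo "Tomcat $sample_version: $(tomcat_status "$sample_version")"
```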

      Workaround

      To mitigate the issue, it is possible to manually upgrade Apache Tomcat by following a process similar to the one described in the KB articles below, but please note that this will place the application in an unsupported state:

      WARNING: Unless still reproducible on official releases, Atlassian Support may refuse support requests for Crowd running over unofficial Tomcat versions.


          People

            Unassigned
            Suat Kandiş
            Votes: 2
            Watchers: 7
