Hi,
our nessus scanner found the Tomcat version (6.0.20) which comes with vCenter 4.1 is vulnerable to http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2227
is there a way how to upgrade Tomcat to a newer version from apache.org?i suppose it's not as simple as downloading the installer from apache and run it, or is it?
thanks for your help
Cause the tomcat is part of vCenter I suggest to keep as is and wait official update from VMware.
Otherwise the related webservices can stop to work.
Andre
Or you can open an SR request with VMware and they can walk you through it. The versions they use for alot of their products are not the latest and most secured but if it is a concern they can take you through it as they did me. I documented it but because of my NDA it was left at my last job.
Regards,
Chad King