Community

Does Apache Tomcat come embedded with ArcGIS Enterprise Installation?

6211
15
Jump to solution
07-13-2021 12:29 PM
MichaelTorbett
by
Frequent Contributor
‎07-13-2021 12:29 PM

I have ArcGIS Enterprise 10.6.1 installed on a virtual machine with a Windows IIS Web Adapter. My network administrator recently did a security scan that shows an old version of Apache Tomcat. It either needs to be upgraded or uninstalled to be is compliance with my agency's security policy.  However, I cannot find any evidence of it being installed.  Does Apache Tomcat come embedded with ArcGIS Enterprise?

 

Thanks,

Michael

0 Kudos
1 Solution

Accepted Solutions
ReeseFacendini
by Esri Alum
Esri Alum
‎07-13-2021 12:39 PM

Yes Enterprise has Apache Tomcat embedded, which helps during installation.  The only way to upgrade the internal version of Tomcat is to upgrade Enterprise as a whole.

View solution in original post

15 Replies
ReeseFacendini
by Esri Alum
Esri Alum
‎07-13-2021 12:39 PM

Yes Enterprise has Apache Tomcat embedded, which helps during installation.  The only way to upgrade the internal version of Tomcat is to upgrade Enterprise as a whole.

MichaelTorbett
by
Frequent Contributor
‎07-13-2021 01:31 PM

Thank you for the answer Reese. That tells me what I need to know. 

0 Kudos
ModyBuchbinder
by Esri Regular Contributor
Esri Regular Contributor
‎11-12-2024 06:27 AM

Hi All

Return to this old post.

Is it documented some where what version of tomcat is embedded?

Tomcat have some vulnerabilities ( https://tomcat.apache.org/security-9.html) is there any way to know that they do not affect server/portal products?

 

0 Kudos
JoshuaBixby
by MVP Esteemed Contributor
MVP Esteemed Contributor
‎11-12-2024 07:04 AM

Short answer, not documented, at least that I have ever seen publicly.  However, simple to determine, just run the version.sh or version.bat file in AGSSERVER/framework/runtime/tomcat/bin folder.

0 Kudos
ToddW_stl
by Esri Contributor
Esri Contributor
‎11-12-2024 07:06 AM

hi Molly - this technical support "how to" article seems to provide what you're looking for.

Identify the version of Apache Tomcat in ArcGIS Server (no longer works)

These steps should allow you to check the Tomcat version embedded within ArcGIS Server.

For further information on how Apache differs from Tomcat and its role as the Servlet Engine, please use the below link. 
Tomcat vs. Apache HTTP Server: What's the difference? (theserverside.com

  1. Open a Command prompt as Administrator on the ArcGIS Server machine
  2. Run a change directory to the ArcGIS Server application directory
    • cd C:/Program Files/ArcGIS/Server/framework/runtime/tomcat/bin
  3. Run "version.bat" in command prompt
  4. Note Server Version towards the middle of the prompt
    • ToddW_stl_0-1733859277184.png

       

JoshuaBixby
by MVP Esteemed Contributor
MVP Esteemed Contributor
‎12-10-2024 10:04 AM

@ToddW_stl, the link provided is dea.

0 Kudos
ToddW_stl
by Esri Contributor
Esri Contributor
‎12-10-2024 11:35 AM

thanks - i've updated my post above!

0 Kudos
ModyBuchbinder
by Esri Regular Contributor
Esri Regular Contributor
‎11-12-2024 09:30 PM

Thanks for the help

On my server 11.3 I get 9.0.86.0

Anybody know what is it for 11.4?

I return to my original question - does the vulnerabilities  on the tomcat effect server machines?

0 Kudos
ToddW_stl
by Esri Contributor
Esri Contributor
‎11-13-2024 09:16 AM

I'd suggest contacting Esri’s Software Security & Privacy Team at SoftwareSecurity@Esri.com (and posting the response/answer here).

0 Kudos