Does Apache Tomcat come embedded with ArcGIS Enterprise Installation?

2938
7
Jump to solution
07-13-2021 12:29 PM
MichaelTorbett
Frequent Contributor

I have ArcGIS Enterprise 10.6.1 installed on a virtual machine with a Windows IIS Web Adapter. My network administrator recently did a security scan that shows an old version of Apache Tomcat. It either needs to be upgraded or uninstalled to be is compliance with my agency's security policy.  However, I cannot find any evidence of it being installed.  Does Apache Tomcat come embedded with ArcGIS Enterprise?

 

Thanks,

Michael

0 Kudos
1 Solution

Accepted Solutions
ReeseFacendini
Esri Regular Contributor

Yes Enterprise has Apache Tomcat embedded, which helps during installation.  The only way to upgrade the internal version of Tomcat is to upgrade Enterprise as a whole.

View solution in original post

7 Replies
ReeseFacendini
Esri Regular Contributor

Yes Enterprise has Apache Tomcat embedded, which helps during installation.  The only way to upgrade the internal version of Tomcat is to upgrade Enterprise as a whole.

MichaelTorbett
Frequent Contributor

Thank you for the answer Reese. That tells me what I need to know. 

0 Kudos
ModyBuchbinder
Esri Regular Contributor

Hi All

Return to this old post.

Is it documented some where what version of tomcat is embedded?

Tomcat have some vulnerabilities ( https://tomcat.apache.org/security-9.html) is there any way to know that they do not affect server/portal products?

 

0 Kudos
JoshuaBixby
MVP Esteemed Contributor

Short answer, not documented, at least that I have ever seen publicly.  However, simple to determine, just run the version.sh or version.bat file in AGSSERVER/framework/runtime/tomcat/bin folder.

0 Kudos
ToddW_stl
Esri Contributor

hi Molly - this technical support "how to" article seems to provide what you're looking for.

Identify the version of Apache Tomcat in ArcGIS Server

0 Kudos
ModyBuchbinder
Esri Regular Contributor

Thanks for the help

On my server 11.3 I get 9.0.86.0

Anybody know what is it for 11.4?

I return to my original question - does the vulnerabilities  on the tomcat effect server machines?

0 Kudos
ToddW_stl
Esri Contributor

I'd suggest contacting Esri’s Software Security & Privacy Team at SoftwareSecurity@Esri.com (and posting the response/answer here).

0 Kudos