Our security team has scanned our production server and identified vulnerabilities with Apache Tomcat server v 6.0.20.
They have recommended that Apache be upgraded to 6.0.24. Reading through the forums, I believe this is the process to do so:
- Take a backup of the httpd.conf file
- Using Add/Remove Programs, uninstall version 6.0.20
- Install 6.0.24
But I have some questions based on a quick test I did to install 6.0.20 and upgrade it to 6.0.24:
- Where do I get Tomcat administrator login information?
- Is it enough just to back up the HTTPD.CONF file? I was thinking of backing up everything in the Apache folder instead.
- Is it possible not to upgrade 6.0.20 to 6.0.24 by running the MSI installer over the same Apache folder? Is it due to the HTTP/1.1 Connector Port being busy/used that doesn't allow an update of Tomcat on the same port?
- Is a restart of the server required after the upgrade?
Last but not least, I am using these executables to test the upgrade. 6.0.20 gets installed fine, but when I run 6.0.24, it prompts me for the JRE path, and directing it to the 6.0.20 JVM path gives me a message that "JVM is not found". The JVM info on the Apache manager is in this directory
What am I missing here?
I need your thoughts and advice to make this as easy as possible since this is a production server.