Symptoms
Security scans on vCenter Server fail due to the Tomcat version installed.
A security scan performed on the vCenter Server system reports that there are vulnerabilities in the version of Apache Tomcat installed.
Resolution
Apache Tomcat is installed for use with VMware VirtualCenter Management Webservices. Scanning software can report vulnerabilities with older versions of Tomcat.

Apache Tomcat is installed as a part of vCenter Server and cannot be upgraded or patched individually. Manually patching the Apache Tomcat installation is not recommended and may disrupt the Webservices functionality, such as Performance Overview, Hardware Status, Storage Views, vCenter Search, vCenter Service Status, and License Reporting Manager.

The appropriate method for patching the included Apache Tomcat application is to apply the latest version or patch of vCenter Server. As new versions of vCenter Server are released, the included Apache Tomcat application may be upgraded to a newer version that would address the known vulnerabilities. The release notes for that version of vCenter Server provide more information on changes to the included Apache Tomcat application.
Related Information
Please use the VMware Feature Request site to request that a specific vulnerability be addressed or a newer version of Apache Tomcat be included with vCenter Server.