Chris_Thomas

MySql and Tomcat security vulnerabilities

Discussion created by Chris_Thomas Employee on Apr 9, 2013
Latest reply on Apr 11, 2013 by another_martink

You have identified MySql and Tomcat security vulnerabilities reported. Here are the options you have to mitigate the security vulnerabilities you've identified with these optional 3rd party products, which were shipped within the Report Server install media:

[list=1]
[*]Uninstall / Reinstall report server using CABI 3.3. (Recommended)
[list=1]
[*]Optional 3rd party software includes a later version of Tomcat version 6.0.24 and SQL Anywhere version 12.0.1.3436 (instead of MySQL) Out-of-the-Box.
[list]
[*]Utilize IIS and MSSQL for the report server in place of Tomcat and MySQL.
[list=1]
[*]Homogeneous to CA IdM deployment options, use Windows enterprise grade software already deployed in your environment.
[list]
[*]Upgrade report server using CABI 3.3.
[list=1]
[*]Allows more flexibility with versioning of Tomcat and MySQL. *(1)(2) see below
[*]SQL Anywhere 12 deployed, migration from existing MySQL performed.
[*]Tomcat not upgraded, it’s a manual upgrade procedure. (limited support)
[list]
[*]Upgrade CABI 3.2 using SP5 patch.
[list=1]
[*]Allows more flexibility with versioning of Tomcat and MySQL. *(1)(2) see below
[*]This will allow you to apply updates to your existing Tomcat and MySQL.
[*]Note that upgrading Tomcat and MySQL falls outside the scope of CA Support and is not completed by the SP5 upgrade. [list]
[list]
*Addendum*
(1) CABI 3.3 is equivalent to BOXI 3.1 SP5 -- Tomcat 5.5 – 7 and MySql 5.0 – 5.1 -- SP5 supported Platforms Guide
(2) CABI 3.2 is equivalent to BOXI 3.1 SP3 -- Tomcat 5.5 – 6.0.18 and MySql 5.0 -- SP3 supported Platforms Guide

Please post with any questions or concerns.
Thank you.
Regards,

Chris Thomas
CA Technologies
Principal Support Engineer
IdentityMinder Reporting Expert
Tel: +1-631-342-4360
Chris.Thomas@ca.com

Outcomes