Vulnerability has been found in Apache Tomcat server Follow
Hi JetBrains Teams,
We found vulnerability in Apache Tomcat server.
TeamCity Professional 2022.04.4 (build 108763) is delivered with Apache Tomcat/8.5.78
We found CVE-2021-42340 and CVE-2021-33037 vulnerability in this version, how we can fix it? how to upgrade to newest Apache Tomcat server version? Treat as URGENT.
Please sign in to leave a comment.
as you already stated, TeamCity is using Tomcat 8.5.78.
According to the data on the vulnerabilities you shared:
CVE-2021-42340 only impacts 8.5.60 to 8.5.71
CVE-2021-33037 only impacts 8.5.0 to 8.5.66
so none of them should impact TeamCity. Should you find a way to exploit them in the newer versions, please do make sure to let us know.