Vulnerability has been found in Apache Tomcat server

Hi JetBrains Teams,

We found a vulnerability in the Apache Tomcat server.

TeamCity Professional 2022.04.4 (build 108763) is delivered with Apache Tomcat/8.5.78

We found the CVE-2021-42340 and CVE-2021-33037 vulnerabilities in this version. How can we fix it? How do we upgrade to the newest Apache Tomcat server version? Treat as URGENT.

1 comment
Hi Thomas,

As you already stated, TeamCity is using Tomcat 8.5.78.
According to the data on the vulnerabilities you shared:
CVE-2021-42340 only impacts 8.5.60 to 8.5.71
CVE-2021-33037 only impacts 8.5.0 to 8.5.66

So none of them should impact TeamCity. Should you find a way to exploit them in the newer versions, please do make sure to let us know.
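
The range check from the reply above, as an added example that is not part of the original thread or JetBrains code. It compares version components numerically and uses only the 8.5.x ranges quoted in the reply; the function names and sample banners are assumptions made for illustration.

```python
import re

# Affected 8.5.x ranges exactly as quoted in the reply above (inclusive).
AFFECTED = {
    "CVE-2021-42340": ((8, 5, 60), (8, 5, 71)),
    "CVE-2021-33037": ((8, 5, 0), (8, 5, 66)),
}

_BANNER = re.compile(r"Apache Tomcat/(\d+)\.(\d+)\.(\d+)")


def parse_banner(text):
    """Extract (major, minor, patch) from text containing 'Apache Tomcat/x.y.z'."""
    m = _BANNER.search(text)
    if m is None:
        raise ValueError(f"no Tomcat version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def cves_in_range(version):
    """Return the CVE ids whose quoted range contains the version, sorted.

    Integer tuples are compared, not strings: as strings "8.5.7" sorts
    between "8.5.60" and "8.5.71", which would wrongly flag CVE-2021-42340.
    """
    if version[:2] != (8, 5):
        # The thread only quotes ranges for the 8.5 branch.
        raise ValueError("only the 8.5.x ranges from the thread are known")
    return sorted(
        cve for cve, (low, high) in AFFECTED.items() if low <= version <= high
    )


if __name__ == "__main__":
    # Constructed sample banners; the first uses the version from the question.
    samples = (
        "TeamCity Professional 2022.04.4 with Apache Tomcat/8.5.78",
        "Apache Tomcat/8.5.65",
        "Apache Tomcat/8.5.7",
    )
    for banner in samples:
        version = parse_banner(banner)
        hits = cves_in_range(version)
        print(".".join(map(str, version)), "->", hits or "outside quoted ranges")
```
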
