Fixing Tomcat Ghostcat Vulnerability for Knova

Overview

You may want to know how to upgrade Knova Tomcat to fix the Ghostcat vulnerability.

Solution

  1. Download the Tomcat_upgrade package.
  2. Extract it to the following folder:
    <Knova_Installation_Folder>\Software\Install\accessories\
    Note: You do not need to extract tomcat-8.5.57.zip; the script extracts it. If you have already extracted it, remove the extracted folder, as the script will not remove any existing folders (to avoid breaking anything).
  3. Open Windows services (i.e. run services.msc) and check the Tomcat version deployed previously - if your version is different than 8.5.15, update the $ExistingTomcatFolder parameter in the tomcat_upgrade.ps1 script.


  4. Check which user is used for the Tomcat service (find its password if you do not know it):

  5. Run PowerShell as Administrator and set the execution policy to “unrestricted”.
  6. Execute the tomcat_upgrade.ps1 script from the following folder:
    <Knova_Installation_Folder>\Software\Install\accessories\
    The script performs the following actions:
    • Stops Knova Tomcat service if it was already running
    • Takes backup of the existing tomcat folder.
    • Unzips the new tomcat folder.
    • Removes the old tomcat service from services registry.
    • Installs the new tomcat service.
    • Gets required folders from the old tomcat folder and copies them to the new tomcat deployment.

      The output of the script should look like this:

      [Screenshot: mceclip2.png]


      Note: If you are having issues with executing the PowerShell script, check your PowerShell execution policy.
  7. After the script is executed, go to Windows services and enter the credentials for the Tomcat service logon user (for the updated Tomcat service).
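
The version and logon-user checks from steps 3 and 4 can also be recorded from PowerShell and repeated after step 7. The script below is an added example, not part of the Tomcat_upgrade package; its file name, the "tomcat" name match and the assumption that the service path contains a folder such as tomcat-8.5.57 are not taken from the package.

```powershell
# Test-TomcatUpgrade.ps1 (hypothetical name): added example, not part of the Tomcat_upgrade package.
# Assumptions: the service name or display name contains "tomcat", and the
# service binary path contains a folder such as tomcat-8.5.57.
param(
    [Parameter(Mandatory)][ValidateSet('Before', 'After')][string]$Phase,
    [string]$ExpectedVersion = '8.5.57',
    [string]$StateFile = (Join-Path $env:TEMP 'tomcat_service_before.xml')
)

function Get-TomcatServiceInfo {
    # Win32_Service exposes the binary path (PathName) and the logon account (StartName).
    Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.Name -like '*tomcat*' -or $_.DisplayName -like '*tomcat*' } |
        ForEach-Object {
            $version = 'unknown'
            if ($_.PathName -match 'tomcat-?(\d+\.\d+\.\d+)') { $version = $Matches[1] }
            [pscustomobject]@{
                Name         = $_.Name
                LogonAccount = $_.StartName
                Version      = $version
                PathName     = $_.PathName
            }
        }
}

$current = @(Get-TomcatServiceInfo)
if ($current.Count -eq 0) { throw 'No service with "tomcat" in its name was found.' }
$current | Format-List

if ($Phase -eq 'Before') {
    # Steps 3 and 4: record the deployed version and the logon user before the upgrade.
    $current | Export-Clixml -Path $StateFile
    Write-Host "Saved pre-upgrade state to $StateFile"
    return
}

# After step 7: the new service should report the expected version and the old logon user.
$oldAccounts = @(Import-Clixml -Path $StateFile | ForEach-Object { $_.LogonAccount })
foreach ($svc in $current) {
    if ($svc.Version -ne $ExpectedVersion) {
        Write-Warning "$($svc.Name): version $($svc.Version), expected $ExpectedVersion"
    }
    if ($oldAccounts -notcontains $svc.LogonAccount) {
        Write-Warning "$($svc.Name): logon account '$($svc.LogonAccount)' was not in use before the upgrade"
    }
}
```

Run it with `-Phase Before` ahead of step 6 and with `-Phase After` once step 7 is done; no warnings means the service path shows the new version and the logon user matches the one recorded earlier.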

 
