Fixing Tomcat Ghostcat Vulnerability for Knova


You may want to know how to upgrade Knova Tomcat to fic the Ghostcat vulnerability.


  1. Download the Tomcat_upgrade package.
  2. Extract it to the following folder:
    Note: You do not need to extract; it will be extracted by the script. If you have extracted it, remove it - as the script will not remove any existing folders (to avoid breaking anything).
  3. Open Windows services (i.e. run services.msc) and check the Tomcat version deployed previously - if your version is different than 8.5.15, update the $ExistingTomcatFolder parameter in the tomcat_upgrade.ps1 script.


  4. Check which user is used for the Tomcat service (find it's password if you do not know it):

  5. Run PowerShell as Administrator and set the execution policy to “unrestricted”.
  6. Execute the tomcat_upgrade.ps1 script the following folder:
    The script performs the following actions:
    • Stops Knova Tomcat service if it was already running
    • Takes backup of the existing tomcat folder.
    • Unzips the new tomcat folder.
    • Removes the old tomcat service from services registry.
    • Installs the new tomcat service.
    • Gets required folders from the old tomcat folder and copies them to the new tomcat deployment.

      The output of the script should look like this:


      Note: If
      you are having issues with executing the PowerShell script, check your PowerShell execution policy.
  7. After the script is executed, go to Windows services and enter the credentials for the Tomcat service logon user (for the updated Tomcat service).





Please sign in to leave a comment.