
Article Number: 000177553


DSA-2020-070: Dell Wyse Management Suite and Dell Wyse Management Repository Security Update for Apache Tomcat Vulnerability

Summary: The Apache Tomcat component within Dell Wyse Management Suite and Dell Wyse Management Repository requires a mitigation to address a vulnerability.

Article Content


Impact

Critical

Details

The component below is updated for the following vulnerability:

  • Apache Tomcat

CVE-2020-1938

For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a particular CVE, use the database’s search utility at http://web.nvd.nist.gov/view/vuln/search.


Dell Technologies recommends all customers consider both the CVSS base score and any relevant temporal and environmental scores that may impact the potential severity associated with a particular security vulnerability.

Affected Products and Remediation

Affected products:

Dell Wyse Management Suite versions prior to 2.0

Dell Wyse Management Repository versions prior to 2.0

Remediation:
 

The following Dell Wyse Management Suite and Dell Wyse Management Repository releases contain a mitigation to this vulnerability:

 

Note: The Dell Wyse Management Remote Repository option is only available with the pro license of Dell Wyse Management Suite. If you have Dell Wyse Management Suite Pro, the remote repository install binaries can be downloaded from Dell Digital Locker, which is where the pro licenses are registered.

 

Workaround:

Customers can either upgrade to 2.0 or later or choose to apply the workaround listed below to mitigate this vulnerability for existing Dell Wyse Management Suite and Dell Wyse Management Repository releases 1.4.1, 1.4 and 1.3.

  1. Identifying the Tomcat installation directory
    a. Open the Windows Services panel by running "services.msc" from a command prompt.
    b. Locate the "Dell WMS: Tomcat Service" service in the Services panel.
    c. Open the properties of that service.
    d. Take the "Path to executable" property of the service and remove "bin/Tomcat9.exe" from it; what remains is the path of the Tomcat installation.
    e. The value obtained in step (d) is used as <CATALINA_BASE> in the steps below.
  2. Configuration changes
    a. Edit <CATALINA_BASE>/conf/server.xml (<CATALINA_BASE> is the Tomcat work directory) and locate the following line: <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    b. Comment out the line (or just delete it): <!--<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />-->
    c. Save the edit.
    d. Restart Tomcat.
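
The workaround steps above as a PowerShell script, added here as an example and not taken from the Dell advisory: it derives <CATALINA_BASE> from the service's executable path, reports any AJP connector still active in server.xml, and comments it out only when run with the hypothetical -Apply switch. It assumes "Dell WMS: Tomcat Service" is the service's display name and that the connector uses port 8009 as shown in the advisory.

```powershell
# Added example, not Dell's tooling. Run from an elevated PowerShell prompt.
# Assumption: "Dell WMS: Tomcat Service" is the service's display name.
param([switch]$Apply)   # hypothetical switch: without it the script only reports

$svc = Get-CimInstance Win32_Service -Filter "DisplayName='Dell WMS: Tomcat Service'"
if (-not $svc) { throw 'Dell WMS: Tomcat Service not found on this host.' }

# Step 1: "Path to executable" minus bin/Tomcat9.exe gives <CATALINA_BASE>.
if ($svc.PathName -match '^"?(.+?)[\\/]bin[\\/]Tomcat9\.exe') {
    $catalinaBase = $Matches[1]
} else {
    throw "Unexpected service path: $($svc.PathName)"
}
$serverXml = Join-Path $catalinaBase 'conf\server.xml'

# Step 2: parse server.xml. A connector that is already commented out is a
# comment node, so the XPath returns only connectors Tomcat would start.
# Matching any protocol containing "ajp" is broader than the advisory's line.
$doc = New-Object System.Xml.XmlDocument
$doc.PreserveWhitespace = $true
$doc.Load($serverXml)
$xpath = "//Connector[contains(translate(@protocol,'AJP','ajp'),'ajp')]"
$ajp   = @($doc.SelectNodes($xpath))

if ($ajp.Count -eq 0) {
    Write-Output "No active AJP connector in $serverXml"
} elseif ($Apply) {
    Copy-Item $serverXml "$serverXml.bak"      # rollback copy
    foreach ($node in $ajp) {
        $comment = $doc.CreateComment($node.OuterXml)
        [void]$node.ParentNode.ReplaceChild($comment, $node)
    }
    $doc.Save($serverXml)
    Restart-Service -Name $svc.Name
    Write-Output "Commented out $($ajp.Count) AJP connector(s); Tomcat restarted"
} else {
    $ajp | ForEach-Object { Write-Output "Active AJP connector: $($_.OuterXml)" }
}

# Confirm nothing still listens on the advisory's AJP port after the restart.
$listen = Get-NetTCPConnection -LocalPort 8009 -State Listen -ErrorAction SilentlyContinue
if ($listen) { Write-Warning "TCP 8009 still listening, PID $($listen[0].OwningProcess)" }
```

Run it once without -Apply to see what would change; a warning about port 8009 after applying means another connector or process still holds the port and the configuration should be rechecked.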

 


 

Related Information


Article Properties


Affected Product

Wyse Software, Wyse Management Suite

Last Published Date

22 May 2021

Version

5

Article Type

Dell Security Advisory