Most scanners cannot accurately find the version of Apache Tomcat and may detect and display vulnerability issues that only apply to older versions of Tomcat.
Some vulnerability scanners can falsely detect vulnerabilities if they are unable to detected the version of Apache Tomcat. This leads to the scanner displaying vulnerabilities that only affect older versions of Tomcat. They do not affect your current setup. If you try testing your site for vulnerabilities and get positive results, we recommend that you first verify which version of Tomcat you are using and what issues have been fixed in it.
- To see which version of Tomcat you are currently using, navigate to your Acronis Access' installation directory and find the version number on the Apache Tomcat folder. By default, this is located in C:\Program Files (x86)\Acronis\Access\Common\apache-tomcat-<version>.
- At https://tomcat.apache.org/security-7.html you can find a list of all Tomcat 7 versions and which vulnerabilities were fixed in them.
- At http://www.acronis.com/en-us/support/documentation/AcronisAccessAdvanced/index.html#27221.html you can check if we have made any changes to the Apache Tomcat version we are shipping with your version of Acronis Access.