Aug 26, 2020 at 01:32 PM

Detection of Apache Tomcat Web Socket DOS vulnerability on the Tomcat component of SAP BO BI


We are using the SAP BusinessObjects Business Intelligence client version 4.1 application whose main purpose is to provide reports for BMC Truesight Tool users. However, there is a vulnerability detected for the Apache Tomcat component of this application by the Qualys Scanning Tool.

Vulnerability details below.

CVE ID: CVE-2020-13935

Vulnerability name: Apache Tomcat WebSocket Denial of Service Vulnerability

Port on which vulnerability is detected: 8080

Server OS: Windows Server 2012 R2 Datacenter 64 bit Edition

I generally understand from a few blogs that this vulnerability can be remediated by upgrading Tomcat to a non-vulnerable version. However, it would be good if the SAP community could help me remediate this vulnerability with detailed steps.

Thanks and Regards,

Karthik Vijayan