Installation & Licensing Center
ERROR - Tomcat Vulnerability CVE-2024-52316 detected in Ansys License Manager
Authored by Aaron Schedlin
December 16th, 2024
184 views
0 likes
KB2975070
ERROR
Windows Defender or other software has detected an unchecked error condition vulnerability in Apache Tomcat.
Software & Version
Ansys License Manager 2024R2
*This example was taken from this version but is not necessarily limited to this version.
Description/Cause
Microsoft has detected this as a vulnerability because the authentication process can be bypassed if Tomcat is configured to use a custom Jakarta Authentication ServerAuthContext component that throws an exception during authentication without explicitly
*The cause(s)/solution(s) we identified in this documented instance may not be the only cause(s)/solution(s) for this error.
Solution
Solution 1 - Manually Upgrade Tomcat
You can manually upgrade Tomcat to version 10.1.31, however at the time of writing this article, it is not supported by Ansys. This solution should work, but all functionality within the browser GUI has not been tested.
Solution 2 - Delete the Tomcat Folder
Navigate to C:\Program Files\ANSYS Inc\Shared Files\licensing\tools and delete the Tomcat folder. You will not be able to launch License Manager through the browser GUI, but you can start and stop the License Manager from Windows Services
Upgrade expected in version 2025R1 Service Pack 1
Upcoming version 2025R1 will be released with Tomcat version 10.1.28, which will still generate the vulnerability. Service Pack 1, when released will have Tomcat version 10.1.31.
Related Articles
Recently Updated