After running a security tool on our cluster, a report found the Tomcat version to be outdated and vulnerable to certain threats. We have tried to find ways to upgrade Tomcat on our cluster but are not having any success with it.
I realize this is similar to a post https://community.cloudera.com/t5/Support-Questions/Apache-tomcat-compatibility/m-p/159988 which concerns HDP but there are no responses on that post either.
Does anyone have some experience with this? If so, I would be grateful for some pointers.
Are you able to upgrade your environment to CDH 6? In CDH 6 Tomcat is replaced by Jetty. Please take a look at this post:
@CaptainJa The version of Tomcat used in CDH 5.16.2 should not have any vulnerabilities. Could you share the CVE that CDH is reported to be vulnerable to?
Per the notice, independent upgrade of Tomcat is not supported and we are moving towards newer versions in CDH6 => Cloudera Enterprise 6 has replaced Tomcat 6 with Jetty 9 and is not susceptible to Tomcat security issues.