Skip to main content
ExLibris

Knowledge Assistant

BETA
 
  • Subscribe by RSS
  • Back
    Voyager

     

    Ex Libris Knowledge Center
    1. Search site
      Go back to previous article
      1. Sign in
        • Sign in
        • Forgot password
    1. Home
    2. Voyager
    3. Knowledge Articles
    4. Addressing CVE-2020-1938 Tomcat vulnerability for Voyager Environments

    Addressing CVE-2020-1938 Tomcat vulnerability for Voyager Environments

    1. Last updated
    2. Save as PDF
    3. Share
      1. Share
      2. Tweet
      3. Share
    1. Installing Patch for CVE-2020-1938 in Voyager Environments
    • Product: Voyager   
    • Product Version: All
    • Relevant for Installation Type: Multi-Tenant Direct, Dedicated-Direct, Local, TotalCare

    CVE-2020-1938 vulnerability was reported when using Apache JServ Protocol (AJP)

    This Impacts Apache Tomcat 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99 , Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses.

    This issue can be addressed in Voyager by downloading and running the patch kit on the voyager server.

    This procedure requires:

    • Access to the exlibirs FTP server at downloads.exlibrisgroup.com
    • Access to the root user on your system.
    • Basic understanding of the linux command line.

    If uncomfortable with or unable to run the following commands please open a case to Voyager support:

    Installing Patch for CVE-2020-1938 in Voyager Environments
    1. Log on to the server as root.
    2. Run the following commands:
    mkdir -p /m1/incoming/patch
    
    cd /m1/incoming/patch
    
    ftp downloads.exlibrisgroup.com
    
    voyager / LVf_,7lF
    
    cd patch
    
    mget *
    
    exit
    
    bzip2 -dc vik4.patch.tar.bz2 | tar -xvf -
    
    1. Launch the Voyager patch kit with these commands:
    cd vik4
    ./ikit_menu
    
    1. Run menu 1 steps 1 through 5, 7, 8 and 10 to download the latest 3rd party packages for Voyager, including the new Tomcat
    2. Run menu 2 steps 1 through 5 and 16 and 17. These will stop Apache and Voyager, install the latest versions of your 3rd party packages and then re-start Apache and Voyager.

     


    • Article last edited: 3/16/2020
    View article in the Exlibris Knowledge Center
    1. Back to top
      • Adding MARC field in Voyager Global Data Change places new field at the end of the record
      • Addressing Linked Purchase Orders when Deleting Bibliographic Records in Voyager
    • Was this article helpful?

    Recommended articles

    1. Article type
      Topic
      Language
      English
      Product
      Voyager
    2. Tags
      This page has no tags.
    1. © Copyright 2025 Ex Libris Knowledge Center
    2. Powered by CXone Expert ®
    • Term of Use
    • Privacy Policy
    • Contact Us
    2025 Ex Libris. All rights reserved