Does ColdFusion requires Apache Tomcat?

Report · Jun 06, 2017

I don't remember installing Apache Tomcat for coldFusion. Is Apache Tomcat service require for ColdFusion to function? We are currently running IIS as our web server.

Report · Jun 06, 2017

Hi,

You don't need Apache Tomcat installed on your machine to run ColdFusion. ColdFusion is using Tomcat as an underlying architecture. If you are using IIS, just install ColdFusion and create a connector.

Thanks,

Priyank

Thanks,
Priyank Shrivastava

Report · Jun 06, 2017

ColdFusion is using Tomcat as an underlying architecture but it's not using Apache Tomcat? What I'm trying to get here is that if it's ColdFusion that's requiring apache tomcat, then we need to upgrade/patch tomcact since we've found a vulnerability when we scaned the machine; however, I couldn't verify that we are actually running apache tomcat on our server.

Report · Jun 06, 2017

Hi,

Please tell us the ColdFusion version which you are running and also tell us the vulnerability. You cannot upgrade the internal Tomcat by your own.

In case, you have a J2EE deployment over Tomcat, then you can certainly upgrade the Tomcat version.

Thanks,

Priyank

Thanks,
Priyank Shrivastava

Report · Jun 06, 2017

The scanned show: Apache Tomcat 7.0.x < 7.0.57 Multiple Vulnerabilities (POODLE)

No details on the vulnerabilities.

Running ColdFusion version: 10,292620

Report · Jun 06, 2017

You can update ColdFusion to the latest update. Make sure, you are not using JDK1.6 and most important, you have to disable the SSLv3. You can find an article which will tell you how to disable it.

Thanks,

Priyank

Thanks,
Priyank Shrivastava

Adobe Community

Does ColdFusion requires Apache Tomcat?