Menu

Security Vulnerabilities in Apache Tomcat
Platform: All Platforms Applies to: COMSOL Model Manager server, COMSOL Multiphysics®, COMSOL Server™ Versions: All versions

Problem Description

Does the COMSOL software contain the Apache Tomcat® software and, if so, is it affected by security vulnerabilities found in it? Can I update it sooner than the next product update?

Solution

Summary

The following COMSOL functionality uses a built-in distribution of the Apache Tomcat 9 software:

  • The documentation and help in COMSOL Multiphysics and COMSOL Documentation (when the Help > Source > Location preference is set to Local)
  • Running COMSOL Multiphysics in client-server mode
  • Model Manager server
  • COMSOL Server

Install the latest product updates for the COMSOL software to also update its built-in Apache Tomcat distribution. If needed, see below for more information about Apache Tomcat security vulnerabilities and how to manually update the built-in Apache Tomcat distribution of COMSOL software.

Security vulnerabilities

All security vulnerabilities that are fixed in released versions of Apache Tomcat 9 are listed by the Apache Tomcat security team on the Apache Tomcat 9.x vulnerabilities page.

Not all security vulnerabilities of Apache Tomcat apply to the COMSOL software, since the COMSOL software does not expose all functionality of its built-in Apache Tomcat distribution. In fact, COMSOL software typically only uses a relatively limited subset of the Apache Tomcat functionality.

  • CVE-2025-24813
    Assessment: Not vulnerable
    The COMSOL software does not enable writes for the default servlet, which is needed to exploit the vulnerability.

Updating Apache Tomcat

Installing the latest product updates for the COMSOL software ensures that the built-in Apache Tomcat software is kept at the latest released version that has been fully tested together with the COMSOL software.

In some situations you might want to update to the most recently released Apache Tomcat version, either before a product update has been released for the COMSOL software with an updated Apache Tomcat software or for a version of COMSOL that no longer receives updates. The following explains how you can manually update the built-in Apache Tomcat software for a COMSOL software installation:

  1. Go to the Tomcat 9 Software Downloads page.
  2. Download the Binary Distributions > Core > zip archive to a temporary location and unzip it.
  3. Locate the Apache Tomcat subdirectory of the COMSOL software installation to target. The following are the default installation folders:
    • On Windows systems: C:\Program Files\COMSOL\COMSOL63\[Product]\bin\tomcat
    • On macOS systems: /Applications/COMSOL63/[Product]/bin/tomcat
    • On Linux systems: /usr/local/comsol63/[product]/bin/tomcat
    • The [Product] path segment is Multiphysics for COMSOL Multiphysics, Server for COMSOL Server, and ModelManagerServer for COMSOL Model Manager Server.
  4. Stop any COMSOL software currently running from the targeted installation.
  5. Copy the lib and bin directories from the extracted Apache Tomcat software to the Apache Tomcat subdirectory of the targeted COMSOL software installation, overwriting the existing files in these folders.
  6. Restart the COMSOL software from the targeted installation directory and verify that it works as before.

You will typically need administrator privileges to modify the COMSOL software installation, for example by giving administrative credentials on Windows systems or performing the operation as root with sudo on Linux systems.

If you want to restore the original version of the built-in Apache Tomcat software in the COMSOL software installation, use the Setup launcher from the installation to run the COMSOL installer and use the Add/Remove Products and Reinstall option to restore the installation to its original state.

Note that until a new Apache Tomcat version has been tested for compatibility with the COMSOL software, it is not possible to guarantee that there are no incompatibilities. Known incompatible versions of Apache Tomcat can be posted on this Knowledge Base article in the future, so check back here or contact the COMSOL support if you notice any irregularities after doing a manual update of the built-in Apache Tomcat software in a COMSOL installation.

Apache Tomcat version

The following versions of the Apache Tomcat software are included with the currently supported versions of COMSOL:

  • COMSOL 6.3 update 1:
    Apache Tomcat 9.0.98
  • COMSOL 6.2 update 3:
    Apache Tomcat 9.0.84

In general, the version of the Apache Tomcat software included with a particular COMSOL software installation can be determined by the following steps:

  1. Locate the Apache Tomcat directory of the COMSOL software installation, as explained in the previous section.
  2. Open the catalina.jar archive from its lib directory using a tool like 7-Zip.
  3. View the META-INF/MANIFEST.MF file in a text editor.
  4. Read the Apache Tomcat version from the Implementation-Version entry.

Browse by Category

Error Messages (65)
Import (10)
Geometry (14)
Physics (10)
Solver (36)
Installation (41)
Mesh (14)
General (36)
Structural Mechanics (2)
Fluid Dynamics (2)
Postprocessing (4)
Export (1)
Drawing (1)
Product Information (6)
Multiphysics (1)
User Models (1)
Electromagnetics (1)

COMSOL makes every reasonable effort to verify the information you view on this page. Resources and documents are provided for your information only, and COMSOL makes no explicit or implied claims to their validity. COMSOL does not assume any legal liability for the accuracy of the data disclosed. Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark details.