We used a vulnerability scanner tool on the SonarQube URL; the tool found that Tomcat is outdated and needs to be upgraded. We are not able to find anything related to Tomcat in SonarQube, but when we start SonarQube, the console shows the following lines:
INFO web[o.s.p.ProcessEntryPoint] Starting Web Server
INFO web[o.s.s.a.TomcatHttpConnectorFactory] Starting Tomcat on port 9000
Apache Tomcat Installed version [9.0.70] (out-of-date), the recommended version is 9.0.83, and the overall latest version is 10.1.16.
There are known vulnerabilities related to the Tomcat version below:
Important: Apache Tomcat denial of service CVE-2023-24998
Apache Tomcat uses a packaged renamed copy of Apache Commons FileUpload to provide the file upload functionality defined in the Jakarta Servlet specification. Apache Tomcat was, therefore, also vulnerable to the Apache Commons FileUpload vulnerability CVE-2023-24998 as there was no limit to the number of request parts processed. This resulted in the possibility of an attacker triggering a DoS with a malicious upload or series of uploads.
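An added example (not part of the post and not SonarSource code) for locating the Tomcat that SonarQube bundles and deciding whether it is behind the recommended version printed in the console line. It assumes the embedded Tomcat ships as a jar named `tomcat-embed-core-<version>.jar` somewhere under the SonarQube home and that the jar manifest carries an `Implementation-Version` entry; the `lib/common` path used for the constructed test tree and the minimum version 9.0.83 (taken from the log line above) are assumptions, not verified facts about a particular install.

```python
"""Find the Tomcat embedded in a SonarQube install and compare its version.

Added example: it is not the poster's code nor SonarQube's own tooling.
Assumptions: the embedded server is a jar named tomcat-embed-core-<ver>.jar and
its META-INF/MANIFEST.MF carries an Implementation-Version header.
"""
import re
import tempfile
import zipfile
from pathlib import Path
from typing import Dict, List, Optional, Tuple

# Matches the SonarQube console line quoted in the post.
LOG_RE = re.compile(
    r"Apache Tomcat Installed version \[(?P<installed>[\d.]+)\]"
    r".*?recommended version is (?P<recommended>[\d.]+)"
)


def parse_version(text: str) -> Tuple[int, ...]:
    """'9.0.70' -> (9, 0, 70) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def parse_tomcat_log_line(line: str) -> Optional[Dict[str, str]]:
    """Pull installed and recommended versions out of the console line, or None."""
    match = LOG_RE.search(line)
    if not match:
        return None
    return {"installed": match.group("installed"),
            "recommended": match.group("recommended")}


def is_outdated(installed: str, minimum: str) -> bool:
    """True when the installed version is strictly below the minimum we accept."""
    return parse_version(installed) < parse_version(minimum)


def tomcat_version_from_jar(jar_path: Path) -> Optional[str]:
    """Read Implementation-Version from the jar manifest (None if absent)."""
    with zipfile.ZipFile(jar_path) as zf:
        try:
            manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        except KeyError:
            return None
    for raw in manifest.splitlines():
        key, _, value = raw.partition(":")
        if key.strip() == "Implementation-Version":
            return value.strip()
    return None


def find_embedded_tomcat(sonar_home: Path) -> List[Tuple[Path, Optional[str]]]:
    """Walk the install tree and report every tomcat-embed-core jar with its version."""
    return [(jar, tomcat_version_from_jar(jar))
            for jar in sorted(sonar_home.rglob("tomcat-embed-core-*.jar"))]


def audit(sonar_home: Path, minimum: str) -> List[Dict[str, object]]:
    """One finding per embedded Tomcat jar: path, version, and whether it is outdated."""
    findings = []
    for jar, version in find_embedded_tomcat(sonar_home):
        findings.append({
            "jar": str(jar),
            "version": version,
            "outdated": version is not None and is_outdated(version, minimum),
        })
    return findings


def build_constructed_install(root: Path, version: str) -> Path:
    """Create a fake SonarQube tree with one embedded Tomcat jar (constructed data)."""
    lib = root / "lib" / "common"  # assumed location; adjust for a real install
    lib.mkdir(parents=True, exist_ok=True)
    jar = lib / f"tomcat-embed-core-{version}.jar"
    manifest = f"Manifest-Version: 1.0\nImplementation-Version: {version}\n"
    with zipfile.ZipFile(jar, "w") as zf:
        zf.writestr("META-INF/MANIFEST.MF", manifest)
    return jar


def demo_constructed(installed: str = "9.0.70", minimum: str = "9.0.83"):
    """Run the audit against a constructed install so the example works offline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_constructed_install(root, installed)
        return audit(root, minimum)


if __name__ == "__main__":
    line = ("Apache Tomcat Installed version [9.0.70] (out-of-date), "
            "the recommended version is 9.0.83, and the overall latest version is 10.1.16.")
    print(parse_tomcat_log_line(line))
    for finding in demo_constructed():
        print(finding)
```

On a real install, call `audit(Path("/opt/sonarqube"), "9.0.83")` with the actual home directory; the version the script reads from the jar manifest should match the one the console prints, and an upgrade of SonarQube (which carries its own Tomcat) is what moves it, since Tomcat is not installed separately.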