Summary
When Software Vulnerability Manager (SVM) scans a device that has the Apache Tomcat web server installed, the scan results do not show Tomcat as installed on that device.
Diagnosis
Software Vulnerability Manager looks for exe, dll and ocx binary file extensions while scanning a device. The metadata in the PE header of these files is used to tie them back to their respective product and version.
Apache Tomcat has two installer formats for the Windows platform: ZIP and EXE. After installing from the ZIP format on a device, there are no exe, dll or ocx files in the install directory. Because the ZIP format does not include any of the binary file formats that SVM can recognize, SVM fails to identify Tomcat when scanning a device on which the ZIP format is installed.
The EXE format of the installer installs two .exe files in the install directory. However, the Product Version obtained from the PE header of these files does not match the actual version of Tomcat installed on the device. SVM therefore does not know which version of the product these files belong to and cannot identify the installed version of Tomcat. As a result, Tomcat will not appear in SVM scan results.
For instance: Tomcat.exe and Tomcat10w.exe are the two binary files installed by Tomcat version 10.0.5.0. However, the Product Version seen in the PE header of these two files is 1.2.4.0.
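The check below is an added example, not SVM's or Tomcat's own code: it reads the product version embedded in each exe, dll or ocx file under a directory and compares it with the version known to be installed. It assumes the version sits in a standard VS_FIXEDFILEINFO block and finds that block by signature search rather than by walking the PE resource directory; the function names and the sample binary builder are hypothetical.

```python
import struct
from pathlib import Path

FIXED_SIG = 0xFEEF04BD                  # VS_FIXEDFILEINFO.dwSignature
STRUC_VERSION = 0x00010000              # VS_FIXEDFILEINFO.dwStrucVersion (1.0)
SCANNED_EXTENSIONS = {".exe", ".dll", ".ocx"}   # extensions the article says SVM inspects

def product_version(data):
    """Return (major, minor, build, revision) from VS_FIXEDFILEINFO, or None.

    Heuristic: searches the raw bytes for the structure's signature instead of
    walking the PE resource directory, which is enough for an audit script.
    """
    needle = struct.pack("<I", FIXED_SIG)
    pos = data.find(needle)
    while pos != -1:
        if pos + 24 <= len(data):
            _sig, struc, _fms, _fls, pms, pls = struct.unpack_from("<6I", data, pos)
            if struc == STRUC_VERSION:
                return (pms >> 16, pms & 0xFFFF, pls >> 16, pls & 0xFFFF)
        pos = data.find(needle, pos + 1)
    return None

def audit_install_dir(root, installed_version):
    """Return (file name, embedded product version, matches installed) per binary."""
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCANNED_EXTENSIONS:
            found = product_version(path.read_bytes())
            findings.append((path.name, found, found == tuple(installed_version)))
    return findings

def build_sample_binary(version):
    """Constructed test input: padding followed by a VS_FIXEDFILEINFO block."""
    ms, ls = (version[0] << 16) | version[1], (version[2] << 16) | version[3]
    fixed = struct.pack("<13I", FIXED_SIG, STRUC_VERSION, ms, ls, ms, ls,
                        0x3F, 0, 0x00040004, 1, 0, 0, 0)
    return b"MZ" + b"\x00" * 62 + fixed

if __name__ == "__main__":
    import sys
    # Usage: script.py <install dir> <installed version, e.g. 10.0.5.0>
    expected = tuple(int(part) for part in sys.argv[2].split("."))
    for name, found, ok in audit_install_dir(sys.argv[1], expected):
        print(f"{name}: product version {found}, matches installed: {ok}")
```

An empty result corresponds to the ZIP case described above (no recognizable binaries at all), while entries whose last field is False correspond to the EXE case, where the embedded version disagrees with the installed one.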
Conclusion
The PE header metadata of the binary files that a product installs on a device plays a crucial role in identifying the correct product name and installed version. Tomcat either installs no such binary files or, when they are present, they carry unreliable identification data, so SVM fails to correctly identify the presence of any Tomcat version on a device. If interested, we encourage customers to reach out to the creators of Apache Tomcat to fix the version information in the binary files so that it aligns with the product version installed on a device. Currently there is no workaround available in SVM to address this deficiency.