We received word that a critical vulnerability was published for Apache Tomcat concerning its implementation of the Apache Jserv Protocol (AJP).
We need to know the following
1. Does Autosys/EEM/WCC software use AJP? ?
2. If so, is it externally exposed?
3. If it is externally exposed, from what URLs and public IPs is it exposed and over what port?
4. If it is internally exposed, from what private IPs, over what port, and from what other internal IPs is it accessible?
Release : 11.3.6
Component : WORKLOAD CONTROL CENTER
AutoSys, WCC and EEM do not use AJP protocol.