Security vulnerability in the WebServer

book

Article ID: 182953

calendar_today

Updated On:

Products

CA Workload Automation AE - Business Agents (AutoSys) CA Workload Automation AE - System Agent (AutoSys) CA Workload Automation AE - Scheduler (AutoSys) CA Workload Automation Agent CA Workload Automation AE

Issue/Introduction

We have been notified that are security vulnerability associated with the AJP port for tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories.  Instructions for mitigation is to comment out the refrence to the port in the server.xml or work with the vendor if AJP connector cannot be deactivated.

server.xml

   <!-- Define an AJP 1.3 Connector on port 8009 -->

    <Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>

 

Please let us know if it’s ok to comment out this line without impacting the webserver.

 

Cause

AJP is enabled by default for Tomcat 7, 8, 9.

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

The AJP is not used by CA WAAE, WCC, or EEM.
The connector for AJM in the Tomcat server.xml can be commented out.
Powered by Wolken Software