We have been notified that are security vulnerability associated with the AJP port for tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories. Instructions for mitigation is to comment out the refrence to the port in the server.xml or work with the vendor if AJP connector cannot be deactivated.
server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Please let us know if it’s ok to comment out this line without impacting the webserver.
Release : 11.3.6
Component : CA Workload Automation AE (AutoSys)