Security vulnerability in the WebServer

Article ID: 182953

Products

CA Workload Automation AE - Business Agents (AutoSys)
CA Workload Automation AE - System Agent (AutoSys)
CA Workload Automation AE - Scheduler (AutoSys)
CA Workload Automation Agent
CA Workload Automation AE

Issue/Introduction

We have been notified that there is a security vulnerability associated with the AJP port for Tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories. The instructions for mitigation are to comment out the reference to the port in the server.xml or work with the vendor if the AJP connector cannot be deactivated.

server.xml

   <!-- Define an AJP 1.3 Connector on port 8009 -->

    <Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>

 

Please let us know if it’s ok to comment out this line without impacting the webserver.

 

Cause

AJP is enabled by default for Tomcat 7, 8, 9.

Environment

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution

AJP is not used by CA WAAE, WCC, or EEM.
The AJP connector in the Tomcat server.xml can be commented out.
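
One way to confirm that the connector is really disabled after the edit, shown as an added example that is not part of the original article or the product's tooling. It parses server.xml rather than searching it as text, so a commented-out connector is not reported; the two XML samples are constructed, and the function names are hypothetical.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: AJP connector still active, as in the article's snippet.
ACTIVE = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <Connector compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
</Service></Server>"""

# Constructed sample: connector commented out, as the resolution describes.
MITIGATED = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
  <!-- Define an AJP 1.3 Connector on port 8009 -->
  <!--
  <Connector compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  -->
</Service></Server>"""


def is_ajp(protocol):
    """True for protocol="AJP/1.3" or an AJP handler class name."""
    p = protocol.strip().lower()
    return p.startswith("ajp/") or ".ajp." in p


def _scan(root):
    # ElementTree discards XML comments while parsing, so a connector
    # that has been commented out never appears in this iteration.
    return [(c.get("port", "?"), c.get("protocol", ""))
            for c in root.iter("Connector")
            if is_ajp(c.get("protocol", ""))]


def active_ajp_connectors(xml_text):
    return _scan(ET.fromstring(xml_text))


def audit_file(path):
    return _scan(ET.parse(path).getroot())


if __name__ == "__main__":
    status = 0
    for path in sys.argv[1:]:
        for port, proto in audit_file(path):
            print(f"{path}: active AJP connector on port {port} ({proto})")
            status = 1
    sys.exit(status)
```

Run it with the path of each server.xml as an argument; it exits non-zero if any file still defines a live AJP connector. Tomcat reads server.xml at startup, so the change takes effect after the web server is restarted.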