Security vulnerability in the WebServer

Article Id: 182953
Status: Published
Updated On: 12-05-2020 08:25
Products:
CA Workload Automation AE - Business Agents (AutoSys) , CA Workload Automation AE - System Agent (AutoSys) , CA Workload Automation AE - Scheduler (AutoSys) , CA Workload Automation Agent , CA Workload Automation AE
Issue/Introduction:

We have been notified that are security vulnerability associated with the AJP port for tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories.  Instructions for mitigation is to comment out the refrence to the port in the server.xml or work with the vendor if AJP connector cannot be deactivated.

server.xml

   <!-- Define an AJP 1.3 Connector on port 8009 -->

    <Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>

 

Please let us know if it’s ok to comment out this line without impacting the webserver.

 

Cause:

AJP is enabled by default for Tomcat 7, 8, 9.

Environment:

Release : 11.3.6

Component : CA Workload Automation AE (AutoSys)

Resolution:

The AJP is not used by CA WAAE, WCC, or EEM.
The connector for AJM in the Tomcat server.xml can be commented out.