We have been notified that there is a security vulnerability associated with the AJP port for Tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories. The instructions for mitigation are to comment out the reference to the port in the server.xml or work with the vendor if the AJP connector cannot be deactivated.
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Is it OK to comment out this line without impacting the webserver?
Workload Automation AE (AutoSys)
The AJP is not used by CA WAAE, WCC, or EEM.
The connector for AJP in the Tomcat server.xml can be commented out.
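To confirm the change after editing, the added example below (not vendor code; the two server.xml fragments in it are constructed samples) lists every AJP connector that is still active in a server.xml and ignores connectors that sit inside an XML comment. Pass the server.xml paths as arguments; the exit status is non-zero if any active AJP connector remains.

```python
import sys
import xml.etree.ElementTree as ET


def active_ajp_connectors(server_xml):
    """Return the ports of <Connector> elements that are live and speak AJP.

    The default ElementTree parser discards XML comments, so a connector
    wrapped in <!-- ... --> never appears in the tree.
    """
    root = ET.fromstring(server_xml)
    ports = []
    for conn in root.iter("Connector"):
        # Matches "AJP/1.3" as well as fully qualified AJP protocol class names.
        if "ajp" in conn.get("protocol", "").lower():
            ports.append(conn.get("port", "?"))
    return ports


# Constructed sample: AJP connector still enabled.
SAMPLE_ACTIVE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
  </Service>
</Server>"""

# Constructed sample: same file after the connector has been commented out.
SAMPLE_DISABLED = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"/>
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!--
    <Connector compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
    -->
  </Service>
</Server>"""

if __name__ == "__main__":
    found = False
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:  # bytes, so an XML encoding declaration is honoured
            ports = active_ajp_connectors(fh.read())
        for port in ports:
            found = True
            print(f"{path}: active AJP connector on port {port}")
        if not ports:
            print(f"{path}: no active AJP connector")
    sys.exit(1 if found else 0)
```

Tomcat reads server.xml only at startup, so restart the web server after commenting out the connector.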