We have been notified that there is a security vulnerability associated with the AJP port for Tomcat in the /opt/CA/wla_am/tomcat8/conf and the /opt/CA/WorkloadAutomationAE/webserver/conf/server.xml directories. The instructions for mitigation are to comment out the reference to the port in the server.xml or work with the vendor if the AJP connector cannot be deactivated.
<!-- Define an AJP 1.3 Connector on port 8009 -->
Please let us know if it’s ok to comment out this line without impacting the webserver.
AJP is enabled by default for Tomcat 7, 8, 9.
Release : 11.3.6
Component : CA Workload Automation AE (AutoSys)
The AJP is not used by CA WAAE, WCC, or EEM.
The connector for AJP in the Tomcat server.xml can be commented out.
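To confirm the change took effect, the following check lists any AJP connector that is still active in a server.xml. It is an added example, not CA/Broadcom code; the sample XML is constructed, and the server.xml paths to check are passed as command-line arguments.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, not copied from a real installation: an HTTP connector,
# an active AJP connector, and an AJP connector that is already commented out.
SAMPLE_SERVER_XML = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!--
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
    -->
  </Service>
</Server>
"""


def active_ajp_connectors(xml_data):
    """Return [(port, protocol)] for AJP connectors that are not commented out.

    The XML parser discards comments, so a connector wrapped in <!-- --> is
    never seen as an element, even when the comment spans several lines.
    """
    root = ET.fromstring(xml_data)
    hits = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "")
        # Matches "AJP/1.3" and class names such as ...ajp.AjpNioProtocol.
        if "ajp" in protocol.lower():
            hits.append((conn.get("port"), protocol))
    return hits


def main(paths):
    """Check each server.xml path; return 1 if any AJP connector is active."""
    status = 0
    for path in paths:
        with open(path, "rb") as fh:  # bytes: let the parser honour the encoding
            hits = active_ajp_connectors(fh.read())
        for port, protocol in hits:
            print(f"{path}: ACTIVE AJP connector on port {port} ({protocol})")
            status = 1
        if not hits:
            print(f"{path}: no active AJP connector")
    return status


if __name__ == "__main__":
    if len(sys.argv) > 1:
        sys.exit(main(sys.argv[1:]))
    print(active_ajp_connectors(SAMPLE_SERVER_XML))
```

Tomcat reads server.xml at startup, so the web server has to be restarted before the connector stops listening.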