Spectrum is not vulnerable as we do not turn on the AJP port in our tomcat configuration. The Spectrum WebTomcat DOES have the AJP connector port turned on but this can be turned off / commented out as we do not use it.
1. Edit the $SPECROOT/webtomcat/conf/server.xml file. 2. Comment out this section as seen below:
3. Save the file and restart the Spectrum Web Tomcat Service via: