API Gateway: Addressing CVE-2020-1938 "Ghostcat"
Article ID: 185407
Updated On:
Products
API SECURITY
CA API Gateway
Issue/Introduction
A vulnerability in Apache JServ Protocol (AJP) is published in CVE-2020-1938 and is also known as "Ghostcat". Tomcat uses this protocol (AJP) connector in all recent versions.
Question: Is the Tomcat in Layer7 API Gateway is affected by this vulnerability?
Question: Is the Tomcat in Layer7 API Gateway is affected by this vulnerability?
Environment
Release : 9.x
Component : API GATEWAY
Resolution
No, the API Gateway is not affected. The API Gateway does not use AJP connector and hence the API Gateway and its components are not affected by this vulnerability.
Feedback
Yes
No
Powered by
