API Gateway: Addressing CVE-2020-1938 "Ghostcat"

book

Article ID: 185407

calendar_today

Updated On:

Products

API SECURITY CA API Gateway

Issue/Introduction

A vulnerability in Apache JServ Protocol (AJP) is published in CVE-2020-1938 and is also known as "Ghostcat". Tomcat uses this protocol (AJP) connector in all recent versions.

Question: Is the Tomcat in Layer7 API Gateway is affected by this vulnerability?

Resolution

No, the API Gateway is not affected. The API Gateway does not use AJP connector and hence the API Gateway and its components are not affected by this vulnerability.