API Gateway: Addressing CVE-2020-1938 "Ghostcat"
Article ID: 185407
CA API Gateway
A vulnerability in Apache JServ Protocol (AJP) is published in CVE-2020-1938 and is also known as "Ghostcat". Tomcat uses this protocol (AJP) connector in all recent versions.
Question: Is the Tomcat in Layer7 API Gateway is affected by this vulnerability?
No, the API Gateway is not affected. The API Gateway does not use AJP connector and hence the API Gateway and its components are not affected by this vulnerability.