Apache Web Server / Ghostcat vulnerability

Article ID: 186130

Products

CA Vantage Storage Resource Manager, CA Graphical Management Interface

Issue/Introduction

Due to the new Ghostcat vulnerability in Apache Tomcat’s Apache JServ Protocol (AJP), our Vantage web clients need to be shut down.

Is there a patch yet available for Tomcat that can be provided?

Resolution

Following the recently found vulnerability affecting all versions of Tomcat, the issue will be addressed in two stages:
1. Immediate fix (for customers who ask): disable the AJP protocol in Tomcat.
2. New PAX: a new release is being created in which Tomcat is upgraded to a secure version and the AJP port is disabled by default.
 
How to disable AJP manually:
 
To disable the AJP connector, follow these steps:
1. Stop the MTC-M started task.
2. Navigate to the conf folder located in the Tomcat folder (for example apache-tomcat-8.5.31/conf).
3. Open the server.xml file.
4. Search for the AJP connector (<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />).
5. Comment out the AJP connector (<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->).
6. Save the file.
7. Start the MTC-M started task.
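
A check for steps 4 to 6, as an added example that is not part of the original article or of CA's tooling: it comments out any active AJP connector in the text of server.xml and then confirms with an XML parser that none remains. The function names and the sample file are constructed for illustration, and only self-closing Connector elements are rewritten.

```python
import re
import xml.etree.ElementTree as ET

COMMENT = re.compile(r"(<!--.*?-->)", re.DOTALL)
# Self-closing <Connector .../> whose protocol attribute names AJP
# ("AJP/1.3" or a class name such as org.apache.coyote.ajp.AjpNioProtocol).
AJP_TAG = re.compile(
    r'<Connector\b[^>]*\bprotocol\s*=\s*"[^"]*[Aa][Jj][Pp][^"]*"[^>]*/>')


def active_ajp_connectors(xml_text):
    """Return the ports of AJP connectors Tomcat would still start.

    The XML parser drops comments, so commented-out connectors are ignored.
    """
    root = ET.fromstring(xml_text)
    return [c.get("port") for c in root.iter("Connector")
            if "ajp" in c.get("protocol", "").lower()]


def disable_ajp(xml_text):
    """Comment out active AJP connectors; leave everything else untouched."""
    parts = COMMENT.split(xml_text)  # odd indexes hold existing comments
    for i in range(0, len(parts), 2):
        parts[i] = AJP_TAG.sub(lambda m: "<!-- " + m.group(0) + " -->", parts[i])
    return "".join(parts)


# Constructed sample, not a real Vantage server.xml.
SAMPLE = """\
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
"""

if __name__ == "__main__":
    print("active AJP ports before:", active_ajp_connectors(SAMPLE))
    fixed = disable_ajp(SAMPLE)
    print("active AJP ports after: ", active_ajp_connectors(fixed))
```

If `active_ajp_connectors` still returns a port after the edit, a connector in a form the rewrite does not handle is present and must be commented out by hand before the started task is restarted.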

Additional Information

If needed, please contact CA Vantage support for additional information.