After recent vulnerability found with all versions of Tomcat.
The issue will be addressed in two stages:
1. Immediate fix ( For customers who ask): Disabling AJP protocol in tomcat.
2. New PAX: New release is in creation where an upgrade Tomcat to secure version is done, and AJP port is disabled by default.
How to disable AJP manually:
To disable the AJP connector you should follow these steps:
1. Stop MTC-M started task.
2. Navigate to conf folder located in tomcat folder (for example apache-tomcat-8.5.31/conf).
3. Open server.xml file.
4. Search for AJP connector (<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />).
5. Comment out the AJP connector (<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->).
7. Start MTC-M started task.