This article reviews the impact of the Apache Tomcat Ghostcat vulnerability on Clarity and how it can be mitigated.
The Ghostcat vulnerability exploits the Apache JServ Protocol (AJP), which normally listens on port 8009, and grants an attacker access to deploy or read files from Tomcat directories. This is only possible if your AJP connector is exposed to the internet, that is, if the AJP connector is bound to an externally reachable IP address.
The following versions of Tomcat are impacted by this vulnerability:
You can mitigate the risk of the Ghostcat vulnerability by identifying which of the following scenarios applies in your enterprise and performing the appropriate actions.
Scenario 1: You are not using the AJP port in your enterprise.
You can simply comment out the AJP connector section in the server.xml file. Perform the following steps:
Scenario 2: You are using the AJP port in your enterprise.
If you are using the AJP port in your enterprise, remember that AJP is not a trusted protocol. You should never expose the AJP port to untrusted clients, because it transmits data in clear text and assumes that your network is safe.
You can apply the following mitigations, in your order of preference:
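As an added example (not part of the Clarity article or Tomcat's own tooling), the following Python script audits a Tomcat server.xml for the condition described above: an enabled AJP connector that is bound to a non-loopback address or has no shared secret. A connector that has been commented out (Scenario 1) is invisible to the XML parser and therefore produces no finding; a connector restricted to loopback with a secret (Scenario 2) is also clean. The three server.xml fragments are constructed samples; the `address`, `secret` and `secretRequired` connector attributes are Tomcat's own (the latter two exist only in the Tomcat releases that shipped the Ghostcat fix, so older releases will not recognise them).

```python
"""Audit a Tomcat server.xml for AJP connectors that are exposed or unauthenticated.

Added example; the server.xml fragments are constructed for illustration.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Hostnames Tomcat accepts for binding the connector to loopback only.
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1", "0:0:0:0:0:0:0:1"}

# Constructed sample 1: default-style AJP connector, no address (binds to all
# interfaces) and no secret. This is the exposed configuration.
EXPOSED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample 2 (Scenario 1): the AJP connector is commented out.
COMMENTED_OUT_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""

# Constructed sample 3 (Scenario 2): AJP kept, but bound to loopback and
# protected by a shared secret. The secret value is a placeholder.
HARDENED_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="REPLACE_WITH_LONG_RANDOM_SECRET"
               redirectPort="8443" />
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps" />
    </Engine>
  </Service>
</Server>
"""


def is_loopback(address):
    """True if the connector's address attribute restricts it to loopback."""
    if address is None:
        return False  # no address attribute: Tomcat binds to all interfaces
    if address.strip() in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(address.strip()).is_loopback
    except ValueError:
        return False  # unknown hostname: treat as not provably loopback


def audit_ajp_connectors(server_xml):
    """Return [(port, [findings])] for every enabled AJP connector.

    Commented-out connectors are dropped by the XML parser, so they never
    appear in the result, which is exactly the Scenario 1 outcome.
    """
    root = ET.fromstring(server_xml)
    results = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        if not protocol.upper().startswith("AJP"):
            continue
        findings = []
        if not is_loopback(conn.get("address")):
            findings.append("bound to a non-loopback address")
        if not conn.get("secret"):
            findings.append("no AJP secret configured")
        if conn.get("secretRequired", "true").strip().lower() != "true":
            findings.append('secretRequired="false"')
        results.append((conn.get("port", "8009"), findings))
    return results


def has_exposed_ajp(server_xml):
    """True if any enabled AJP connector has at least one finding."""
    return any(findings for _, findings in audit_ajp_connectors(server_xml))


if __name__ == "__main__":
    for label, xml in (("exposed", EXPOSED_SERVER_XML),
                       ("commented out", COMMENTED_OUT_SERVER_XML),
                       ("hardened", HARDENED_SERVER_XML)):
        print(label, "->", audit_ajp_connectors(xml))
```

Run it against your own file with `audit_ajp_connectors(open("conf/server.xml").read())`; any non-empty findings list means the connector still needs one of the mitigations above.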
Note: Clarity SaaS is not affected by the Apache Tomcat Ghostcat vulnerability, because Clarity SaaS does not use or expose the AJP port.