Review the impact of the Apache Tomcat Ghostcat vulnerability on Clarity PPM and how it can be mitigated.
The Ghostcat vulnerability exploits the Apache JServ Protocol (AJP), which normally runs on port 8009, and lets an attacker read files from, or deploy files into, Tomcat directories. This is only possible if your AJP connector is exposed to the internet, that is, if the AJP connector is bound to an external IP address.
The following versions of Tomcat are impacted by this vulnerability:
You can mitigate the risk of the Ghostcat vulnerability by identifying which of the following scenarios applies in your enterprise and performing the appropriate actions.
If you do not use the AJP port, you can simply comment out the AJP connector section in the server.xml file. Perform the following steps:
Service add deploy app bg beacon nsa
Service start all
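The following script is an added example, not part of this article or of Clarity PPM, that audits a Tomcat server.xml for AJP connectors that are still active and reachable from outside the host, which is the exposure the scenario above removes. The embedded server.xml is constructed for the example; the 0.0.0.0, 127.0.0.1 and secret values in it are placeholders.

```python
"""Audit a Tomcat server.xml for AJP connectors that remain enabled and exposed."""
import xml.etree.ElementTree as ET

# Constructed sample server.xml; not taken from a real Clarity PPM installation.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" connectionTimeout="20000" />
    <!-- AJP connector commented out as the article recommends:
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    -->
    <Connector port="8010" protocol="AJP/1.3" address="0.0.0.0" />
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1"
               secretRequired="true" secret="placeholder-shared-secret" />
  </Service>
</Server>
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def audit_ajp_connectors(server_xml: str) -> list[dict]:
    """Return one finding per live (not commented-out) AJP connector.

    ElementTree discards XML comments while parsing, so a connector an admin
    has commented out, as the article recommends, never shows up here.
    Assumption: on the affected Tomcat versions an AJP connector without an
    'address' attribute listens on every interface, so it counts as exposed.
    """
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        if not conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
            continue
        address = conn.get("address")  # None means all interfaces (see above)
        has_secret = (conn.get("secretRequired", "false").lower() == "true"
                      and bool(conn.get("secret")))
        exposed = address is None or address not in LOOPBACK
        findings.append({
            "port": int(conn.get("port", 0)),
            "address": address or "ALL",
            "exposed": exposed,
            "secret_configured": has_secret,
            "risk": "HIGH" if exposed else ("LOW" if has_secret else "MEDIUM"),
        })
    return findings


if __name__ == "__main__":
    for f in audit_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"AJP port {f['port']} on {f['address']}: risk={f['risk']} "
              f"(exposed={f['exposed']}, secret={f['secret_configured']})")
```

Run it against the real server.xml by reading the file into `audit_ajp_connectors`; any finding rated HIGH is an AJP connector bound beyond the loopback interface.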
If you are using the AJP port in your enterprise, remember that AJP is not a highly trusted protocol. You should never expose the AJP port to untrusted clients, because it transmits data in clear text and assumes that your network is safe.
You can apply the following mitigations in your order of preference:
Note: Clarity PPM SaaS is not impacted by the Apache Tomcat Ghostcat vulnerability since Clarity PPM SaaS does not use or expose the AJP port.