Ghostcat vulnerability query regarding Rally and Tomcat

Article ID: 186407

Products

Rally On-Premise

Issue/Introduction

Due to the recent announcement of the Ghostcat vulnerability in Tomcat, Rally On-prem customers are checking all services to ensure they aren't affected.

Environment

Release : 2018.1

Component : AGILE CENTRAL ON PREMISES

Cause
Ghostcat in itself is a Local File Include/Read vulnerability in the Tomcat AJP connector, not an Arbitrary File Upload/Write vulnerability. The Apache Tomcat Security Advisory page describes Ghostcat as "AJP Request Injection and potential Remote Code". The vulnerability affects Tomcat in its default configuration: it was confirmed to affect all versions of Tomcat 9, 8, 7 and 6, and older versions were not verified.

Resolution

Please note that we (Rally On-Prem) do not use Tomcat services; therefore we are not affected.