Ghostcat vulnerability query regarding Rally and Tomcat
Article ID: 186407
CA Agile Central On Premise (Rally)
Due to the recent announcement of the Ghostcat vulnerability in Tomcat, Rally On-prem customers are checking all services to ensure they aren't affected.
Ghostcat in itself is a Local File Include/Read vulnerability and not an Arbitrary File Upload/Write vulnerability. On the Apache Tomcat Security Advisory page, Ghostcat is described as “AJP Request Injection and potential Remote Code Execution”. The Ghostcat vulnerability affects all versions of Tomcat in the default configuration. It was confirmed to affect all versions of Tomcat 9/8/7/6; older versions were too old to be verified.
Release : 2018.1
Component : AGILE CENTRAL ON PREMISES
Please note that we (Rally On-Prem) do not use Tomcat services; therefore, we are not affected.