Apache Tomcat® Vulnerability Detected: AJP connector (Ghostcat), OM Web Viewer 12.1

Article ID: 187226

Products

Output Management Web Viewer

Issue/Introduction

Our internal 3rd Party Vulnerability team detected a vulnerability in Ghostcat on the OM Web Viewer Servers. Please provide information to remediate this issue or guidance on the remediation.

The advisory indicates that Apache Tomcat® fixed a vulnerability, also known as 'Ghostcat', that allows an attacker to read any file under the webapps directory. If the Apache Tomcat® instance supports file uploads, the vulnerability could also be leveraged to achieve remote code execution.

Affected versions are:

Apache Tomcat® 9.0.0 through 9.0.30

Apache Tomcat® 8.5.0 through 8.5.50

Apache Tomcat® 7.0.0 through 7.0.99

QID Detection Logic (Unauthenticated)

The QID sends an AJP request that attempts to read the web.xml file. Note: Apache Tomcat® 8.0.x versions were also found to be affected during the investigation.

Remediation Notes: Updated versions of Apache Tomcat® are available that fix this vulnerability. As a workaround, temporarily disable the AJP connector port.

Patches are already available on the Apache Tomcat® website.

Environment

Output Management Web Viewer 12.1
Apache Tomcat®

Resolution

Apply the latest solution for Apache Tomcat®. You will need to sign into the Broadcom Support Portal.

Workaround

Edit the server.xml file and comment out the section referencing the AJP connector as follows (the explanatory text is placed inside the XML comment so the file stays well-formed):

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!-- start of comment: the AJP Connector below is disabled
    <Connector protocol="AJP/1.3"
               address="::1"
               port="8009"
               redirectPort="8443" />
    end of comment -->
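As an added example (not part of the Broadcom article), a small Python check that parses a server.xml and reports any AJP connector that is still active, which lets an administrator verify the workaround above; the two server.xml fragments are constructed for illustration.

```python
"""Audit a Tomcat server.xml for AJP connectors that are still active.

Added example, not part of the Broadcom article; the two server.xml
fragments below are constructed for illustration.
"""
import xml.etree.ElementTree as ET

LOOPBACK = {"127.0.0.1", "::1", "localhost"}


def find_ajp_connectors(server_xml: str) -> list:
    """Return one dict per active AJP Connector found in server.xml.

    ElementTree discards XML comments while parsing, so a Connector that
    has been commented out (the article's workaround) is not reported.
    """
    root = ET.fromstring(server_xml)
    found = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")  # Tomcat's default
        if not protocol.upper().startswith("AJP"):
            continue
        address = conn.get("address")  # None: bound on all interfaces
        found.append({
            "port": conn.get("port"),
            "address": address,
            "loopback_only": address in LOOPBACK,
        })
    return found


# Constructed sample: AJP connector enabled and listening on every interface.
BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector protocol="AJP/1.3" port="8009" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: the same file after applying the article's workaround.
AFTER = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- start of comment: the AJP Connector below is disabled
    <Connector protocol="AJP/1.3" address="::1" port="8009" redirectPort="8443" />
    end of comment -->
  </Service>
</Server>"""

if __name__ == "__main__":
    for label, xml in (("before", BEFORE), ("after", AFTER)):
        print(label, find_ajp_connectors(xml))  # before: one entry; after: []
```

Tomcat reads server.xml only at startup, so restart the service after editing and confirm that nothing is listening on port 8009 any more.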

Additional Information

Note the solutions are the same for all platforms.