search cancel

We are tracking a high risk vulnerability on the CAMM host server. Apache Tomcat Ghostcat CVE-2020-1938, QID-87413

book

Article ID: 188437

calendar_today

Updated On:

Products

CA Mediation Manager

Issue/Introduction

Is CA Mediation Manager affected by:
Apache Tomcat Ghostcat CVE-2020-1938, QID-87413 

We are seeing an alert on the AJP connector on our scans of the CAMM host.

Environment

Release : all supported releases

Component : CAMM DISCOVERY MANAGER

Cause

The instance of tomcat installed by CAMM does have the AJP connector enabled but it is not used by CAMM.

Resolution

Locate the file:

/opt/CA/CAMM/WEBCAMM/conf/server.xml

Copy it and edit the original:

cp /opt/CA/CAMM/WEBCAMM/conf/server.xml /opt/CA/CAMM/WEBCAMM/conf/server.xml.original

now change this:

<!-- Define an AJP 1.3 Connector on port 8009 -->

    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

……………

To this:

<!-- Define an AJP 1.3 Connector on port 8009 -->

  <!--  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->

……….

Recycle CAMM

Additional Information

We are updating tomcat to 8.5.51 in CAMM build in the next release of CAMM (NetOps 20.2)

 

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938