search cancel

Apache Tomcat - Remote code execution | Ghostcat

book

Article ID: 190187

calendar_today

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction

Is CA SOI 4.2 affected by the tomcat vulnerability CVE-2020-1938 (aka Ghostcat)?

If CA SOI 4.2 is affected by this vulnerability, how can this be mitigated?

 

 

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Cause

SOI 4.2 is using Tomcat 7.0.90

Resolution

Workaround:

Below is the recommendation for the Ghostcat vulnerability mitigation in SOI 4.2:

We can disable the AJP Connector directly, or change its listening address to the localhost to fix this Ghostcat vulnerability.

Steps:

(1) Edit \SOI\tomcat\conf\server.xml,find the following line:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />

(2) Comment it out (or just delete it):

<!--  <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->


(3) Save the edit, and then restart Tomcat.

 

You will need to comment out the same line for the UI in \soi\samui\conf\server.xml

Please note that with SOI 4.2 CU3, this line has already been commented out.

Request to please perform the above steps in the customer environment and confirm if this resolves the reported vulnerability.

For more details please follow the URL below.
https://www.chaitin.cn/en/ghostcat

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2020-1938

Ghostcat in CABI

https://knowledge.broadcom.com/external/article/185860/

 

**

SOI 4.2 CU2 is now using Apache Tomcat Version 9.0.45