UVWC: Tomcat vulnerability CVE-2020-1938
Article ID: 190964
Updated On:
Products
CA Automic Dollar Universe
Issue/Introduction
Univiewer Web Console uses the HTTP connector, port 8080.
This Tomcat vulnerability affects the AJP connector, which uses port 8009.
https://access.redhat.com/solutions/4851251
Environment
Release : 6.0
Component : DOLLAR UNIVERSE
Subcomponent: Univiewer Webconsole
Resolution
The connector for AJP in the Tomcat server.xml can be commented out.
server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<Connector compressableMimeType="text/html,text/xml,text/plain,text/css,application/javascript,application/json" compression="on" port="8009" protocol="AJP/1.3" redirectPort="8443"/>
Additional Information
Also see AE knowledge article on the same topic:
https://knowledge.broadcom.com/external/article?articleId=182953
Feedback
Yes
No
Powered by
