The 'Ghostcat' vulnerability, tracked as CVE-2020-1938, is a flaw that could let unauthenticated remote attackers read the content of any file on a vulnerable web server, obtaining sensitive configuration files or source code, or execute arbitrary code if the server allows file upload.
CA Workload Automation DE (dSeries) SOAP Web Services
The Apache JServ Protocol (AJP) is essentially an optimized version of the HTTP protocol that lets Tomcat communicate with an Apache web server. The AJP connector is enabled by default, listens on TCP port 8009 and is bound to IP address 0.0.0.0; it can only be exploited remotely when that port is reachable by untrusted clients.
All released versions (9.x/8.x/7.x/6.x) of Apache Tomcat have been found vulnerable; the fixed versions are listed in the following table.
Affected Apache version | Fixed version
Apache Tomcat 9.0.30 and below | 9.0.31
Apache Tomcat 8.5.50 and below | 8.5.51
Apache Tomcat 7.0.99 and below | 7.0.100
The following versions of the Workload Automation DE (dSeries) SOAP Web Services component are affected by this vulnerability, because the product embeds a vulnerable version of Tomcat.
r12.2
r12.1
r12.0 SP2
r12.0 SP1
r12.0
r11.3 SP3
r11.3 SP2
r11.3 SP1
r11.3 0000
To prevent exploitation of the vulnerability, perform the following steps.
1. Stop the Web Services.
2. Locate server.xml. The file is located in <install_directory>/apache-tomcat/conf.
For example (the actual location may differ on your system):
On Linux:
/opt/CA/WAWebServices_R12_2/apache-tomcat/conf/server.xml
On Windows:
C:\Program Files\CA\WAWebServices_R12_2\apache-tomcat\conf\server.xml
3. Edit server.xml. Open the file in a text editor and search for the following line:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
4. Comment out the line like this:
<!--
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
-->
5. Save the server.xml and start the Web Services.
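To verify that steps 3 and 4 took effect, the following added check (not part of this article or of the CA/Broadcom product) parses a server.xml and reports any AJP connector that is still active; commented-out connectors are ignored because the XML parser does not treat comment contents as elements. The sample server.xml embedded below is constructed for the example, and the path in audit_file is only an illustration.

```python
"""Audit a Tomcat server.xml for AJP connectors left active (CVE-2020-1938 mitigation check)."""
import xml.etree.ElementTree as ET

# Constructed sample: the unpatched AJP connector line from the procedure above,
# plus a commented-out copy, to show that only the live element is reported.
SAMPLE_SERVER_XML = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
    <!--
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
    -->
  </Service>
</Server>
"""

# The same configuration after step 4 has been applied to the live connector.
FIXED_SERVER_XML = SAMPLE_SERVER_XML.replace(
    '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />',
    '<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->',
)


def find_ajp_connectors(server_xml_text):
    """Return one dict per *active* AJP connector (port, protocol, bind address)."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        protocol = conn.get("protocol", "HTTP/1.1")
        # Matches both "AJP/1.3" and fully qualified names such as
        # "org.apache.coyote.ajp.AjpNioProtocol".
        if "ajp" not in protocol.lower():
            continue
        findings.append({
            "port": conn.get("port"),
            "protocol": protocol,
            # Without an address attribute Tomcat binds all interfaces (0.0.0.0).
            "address": conn.get("address", "0.0.0.0 (all interfaces)"),
        })
    return findings


def is_ajp_disabled(server_xml_text):
    """True when no live AJP connector remains, i.e. the mitigation above is in place."""
    return not find_ajp_connectors(server_xml_text)


def audit_file(path):
    """Run the check on a real file, e.g. <install_directory>/apache-tomcat/conf/server.xml."""
    with open(path, encoding="utf-8") as fh:
        return find_ajp_connectors(fh.read())


if __name__ == "__main__":
    for f in find_ajp_connectors(SAMPLE_SERVER_XML):
        print(f"ACTIVE AJP connector on port {f['port']} bound to {f['address']}")
    print("Before fix, AJP disabled:", is_ajp_disabled(SAMPLE_SERVER_XML))
    print("After fix, AJP disabled:", is_ajp_disabled(FIXED_SERVER_XML))
```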