Note that Tomcat AJP has been disabled on SOI Manager server. File: ca\soi\tomcat\conf\server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
=================
Port 8009 becomes active once I started the Helpdesk connector.
D:\Program Files\CA\SOI\Tools>netstat -an | findstr "8009"
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
Release : 4.2
Component : Service Operations Insight (SOI) Manager
We can disable the AJP Connector directly, or change its listening address to the localhost to fix this Ghostcat vulnerability.
Here , Mentioned Ghostcat vulnerability is part of NIM server .so please perform same steps for nim server also.
Steps:
(1) Edit \CA\SOI\nimServer\conf\server.xml,find the following line ( is the Tomcat work directory):
(2) Comment out it (or just delete it):
(3) Save the edit, and then restart Tomcat.
Request to please perform the above steps in the customer environment and confirm if this resolves the reported vulnerability.