Helpdesk connector jar file - Nessus scan vulnerability - needs to disable Tomcat AJP
Article ID: 199233
Updated On:
Products
CA Service Operations Insight (SOI)
Issue/Introduction
Note that Tomcat AJP has been disabled on SOI Manager server. File: ca\soi\tomcat\conf\server.xml
<!-- Define an AJP 1.3 Connector on port 8009 -->
<!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
=================
Port 8009 becomes active once I started the Helpdesk connector.
D:\Program Files\CA\SOI\Tools>netstat -an | findstr "8009"
TCP 0.0.0.0:8009 0.0.0.0:0 LISTENING
Environment
Release : 4.2
Component : Service Operations Insight (SOI) Manager
Resolution
We can disable the AJP Connector directly, or change its listening address to the localhost to fix this Ghostcat vulnerability.
Here , Mentioned Ghostcat vulnerability is part of NIM server .so please perform same steps for nim server also.
Steps:
(1) Edit \CA\SOI\nimServer\conf\server.xml,find the following line ( is the Tomcat work directory):
(2) Comment out it (or just delete it):
(3) Save the edit, and then restart Tomcat.
Request to please perform the above steps in the customer environment and confirm if this resolves the reported vulnerability. For more details follow below URL
https://www.chaitin.cn/en/ghostcat
Here , Mentioned Ghostcat vulnerability is part of NIM server .so please perform same steps for nim server also.
Steps:
(1) Edit \CA\SOI\nimServer\conf\server.xml,find the following line (
(2) Comment out it (or just delete it):
(3) Save the edit, and then restart Tomcat.
Request to please perform the above steps in the customer environment and confirm if this resolves the reported vulnerability. For more details follow below URL
https://www.chaitin.cn/en/ghostcat
Feedback
Yes
No
Powered by
