Helpdesk connector jar file - Nessus scan vulnerability - needs to disable Tomcat AJP

Article ID: 199233

Updated On:

Products

CA Service Operations Insight (SOI)

Issue/Introduction


Note that Tomcat AJP has been disabled on the SOI Manager server. File: ca\soi\tomcat\conf\server.xml

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->

=================
Port 8009 becomes active once I start the Helpdesk connector.

D:\Program Files\CA\SOI\Tools>netstat -an | findstr "8009"
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Resolution

We can disable the AJP Connector directly, or change its listening address to localhost, to fix this Ghostcat vulnerability.

The Ghostcat vulnerability mentioned here is part of the NIM server, so please perform the same steps for the NIM server as well.

Steps:

(1) Edit \CA\SOI\nimServer\conf\server.xml, find the following line ( is the Tomcat work directory):


(2) Comment it out (or just delete it):


(3) Save the edit, and then restart Tomcat.

Please perform the above steps in the customer environment and confirm whether this resolves the reported vulnerability.
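
One way to check each edited server.xml before rescanning, as an added example that is not part of the original article or the product's own tooling: this Python script parses the file and lists every AJP Connector that is still active, flagging those not bound to loopback. The sample XML strings are constructed, and treating a Connector with no address attribute as exposed is a conservative assumption that matches the 0.0.0.0:8009 listener shown in the netstat output above.

```python
import ipaddress
import xml.etree.ElementTree as ET


def is_loopback(address):
    """True if a Connector 'address' attribute binds to loopback only."""
    if address is None:
        return False  # assumption: no address attribute means all interfaces
    value = address.strip().lower()
    if value == "localhost":
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # a hostname that cannot be judged offline


def find_ajp_connectors(server_xml_text):
    """Return (port, address, exposed) for each active AJP <Connector>.

    Commented-out connectors never appear: the XML parser discards comments.
    """
    findings = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        # Matches protocol="AJP/1.3" and the org.apache.coyote.ajp.* class names
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        address = conn.get("address")
        findings.append((conn.get("port"), address, not is_loopback(address)))
    return findings


# Constructed sample configurations (not copied from a real installation)
HTTP = '<Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />'
AJP = '<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" {} />'
WRAP = '<Server><Service name="Catalina">{}{}</Service></Server>'

COMMENTED_OUT = WRAP.format(HTTP, "<!-- " + AJP.format("") + " -->")
ACTIVE_ALL_INTERFACES = WRAP.format(HTTP, AJP.format(""))
ACTIVE_LOCALHOST = WRAP.format(HTTP, AJP.format('address="127.0.0.1"'))

if __name__ == "__main__":
    for name in ("COMMENTED_OUT", "ACTIVE_ALL_INTERFACES", "ACTIVE_LOCALHOST"):
        print(name, find_ajp_connectors(globals()[name]))
```

Run it against the contents of both ca\soi\tomcat\conf\server.xml and \CA\SOI\nimServer\conf\server.xml; an empty list, or only entries with exposed set to False, is the expected state after the steps above.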