
Helpdesk connector jar file - Nessus scan vulnerability - needs to disable Tomcat AJP


Article ID: 199233


Products

CA Service Operations Insight (SOI)

Issue/Introduction


Note that Tomcat AJP has been disabled on the SOI Manager server. File: ca\soi\tomcat\conf\server.xml

    <!-- Define an AJP 1.3 Connector on port 8009 -->
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->

=================
Port 8009 becomes active once I start the Helpdesk connector.

D:\Program Files\CA\SOI\Tools>netstat -an | findstr "8009"
  TCP    0.0.0.0:8009           0.0.0.0:0              LISTENING

Environment

Release : 4.2

Component : Service Operations Insight (SOI) Manager

Resolution

To fix this Ghostcat vulnerability, either disable the AJP Connector directly or change its listening address to localhost.

The Ghostcat vulnerability mentioned here is part of the NIM server, so please perform the same steps for the NIM server as well.

Steps:

(1) Edit \CA\SOI\nimServer\conf\server.xml, and find the following line ( is the Tomcat work directory):


(2) Comment it out (or just delete it):


(3) Save the edit, and then restart Tomcat.
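
To confirm the edit before restarting, the following added example (not part of the original article or of SOI) parses a server.xml and lists every AJP connector that is still active, marking those not bound to loopback. The sample XML and the function names are constructed for illustration; `address` is the standard Tomcat connector attribute for the listening address.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample resembling a Tomcat server.xml; not taken from an SOI install.
SAMPLE_SERVER_XML = """<?xml version="1.0" encoding="UTF-8"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8010" protocol="AJP/1.3" redirectPort="8443" />
    <Connector port="8011" protocol="AJP/1.3" address="127.0.0.1" redirectPort="8443" />
  </Service>
</Server>
"""

def is_loopback(address):
    """True only if the address is 'localhost' or a loopback IP literal."""
    if address is None:
        return False
    value = address.strip()
    if value.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(value).is_loopback
    except ValueError:
        return False  # other hostname or ${property}: cannot prove loopback

def find_ajp_connectors(server_xml_text):
    """Return one dict per active (uncommented) AJP connector."""
    root = ET.fromstring(server_xml_text)  # commented-out XML is not parsed
    findings = []
    for conn in root.iter("Connector"):
        if "ajp" not in conn.get("protocol", "").lower():
            continue
        address = conn.get("address")
        findings.append({
            "port": conn.get("port"),
            "address": address,
            # Assumption: no address attribute means "all interfaces", which
            # matches the 0.0.0.0:8009 listener in the netstat output above.
            "exposed": not is_loopback(address),
        })
    return findings

if __name__ == "__main__":
    for f in find_ajp_connectors(SAMPLE_SERVER_XML):
        state = "EXPOSED" if f["exposed"] else "loopback only"
        print(f"AJP connector port={f['port']} address={f['address']} -> {state}")
```

Run it against both server.xml files named in this article, then repeat the netstat check after the restart to confirm that nothing is listening on the AJP port on 0.0.0.0.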

Please perform the above steps in the customer environment and confirm whether this resolves the reported vulnerability. For more details, see the URL below:

https://www.chaitin.cn/en/ghostcat