Process Automation - Apache Tomcat AJP File Inclusion Vulnerability


Article ID: 218613



Products

CA Process Automation Base


Issue/Introduction

A vulnerability scan of Process Automation (ITPAM) servers reports an 'Apache Tomcat AJP File Inclusion Vulnerability' finding. The finding is raised against the AJP connector opened by the embedded JBoss Web (Tomcat) server that ships with ITPAM.


Environment

CA Process Automation 4.x


Resolution

When Process Automation (ITPAM) is installed, the complete JBoss distribution is installed with it, including the "jbossweb.sar" deployment whose server.xml defines an AJP 1.3 connector.

ITPAM does not use that AJP connector, so it can be disabled without affecting the product. Disabling the connector, rather than only firewalling its port, removes the finding at its source.

To fix the reported vulnerability, follow the steps below.

1.  Locate and back up the <ITPAM installation location>\PAM\server\c2o\deploy\jbossweb.sar\server.xml file. Keep the copy; it is needed if the service fails to start after the edit.

2.  Edit the file with a text editor and comment out the "AJP 1.3 Connector" element: change its opening <Connector to <!--Connector and its closing /> to /-->. Do not comment out the HTTP/HTTPS connectors, which ITPAM does use. The commented-out AJP connector should look like this:

<!--Connector port="${tomcat.connector.ajp.port}" address="${jboss.bind.address}" emptySessionPath="true" enableLookups="false" redirectPort="${}" protocol="AJP/1.3" useBodyEncodingForURI="true" maxThreads="3000" backlog="20000" connectionTimeout="120000" keepAliveTimeout="120000"/-->

3.  Save the change and recycle the ITPAM service. Once the service is back up, confirm that the port configured for tomcat.connector.ajp.port is no longer listening (on Windows, netstat -ano | findstr <port>) before rerunning the scan. If the service fails to start, restore the backup taken in step 1 and check the edit for a malformed comment.
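The three steps above can be scripted so that the edit is repeatable and checked before the service is recycled. The following is an added example for this article, not CA/Broadcom tooling; it is written in Python so that it runs the same way on Windows and Linux ITPAM hosts. It assumes the AJP connector is a self-closing <Connector .../> element as in step 2, that server.xml is UTF-8 text, and that the path to the file is passed on the command line. SAMPLE_SERVER_XML is a constructed sample modelled on the snippet above, not a real ITPAM file.

```python
"""Comment out the AJP/1.3 connector in a JBoss Web server.xml.

Added example for this article; it is not CA/Broadcom tooling.  Assumptions:
the connector is a self-closing <Connector .../> element (as in step 2), the
file is UTF-8 text, and the path is given on the command line, e.g.
  python disable_ajp.py "C:\\PAM\\server\\c2o\\deploy\\jbossweb.sar\\server.xml"
"""
import re
import shutil
import sys
import xml.etree.ElementTree as ET

# Split on existing comments so they are never touched: wrapping an already
# commented connector again would nest "<!--" markers, which is not well-formed.
_COMMENT_SPLIT = re.compile(r"(<!--.*?-->)", re.S)

# A self-closing Connector element with protocol="AJP/1.3" anywhere in its
# attribute list ([^>] cannot run past the end of the element).
_AJP_CONNECTOR = re.compile(
    r"<Connector\b[^>]*?\bprotocol\s*=\s*[\"']AJP/1\.3[\"'][^>]*?/>"
)

# Constructed sample resembling the article's snippet (not a real ITPAM file).
SAMPLE_SERVER_XML = """<Server>
  <Service name="jboss.web">
    <Connector port="8080" address="${jboss.bind.address}" protocol="HTTP/1.1"
               redirectPort="8443" maxThreads="250"/>
    <Connector port="${tomcat.connector.ajp.port}" address="${jboss.bind.address}" emptySessionPath="true" enableLookups="false" redirectPort="${}" protocol="AJP/1.3" useBodyEncodingForURI="true" maxThreads="3000" backlog="20000" connectionTimeout="120000" keepAliveTimeout="120000"/>
    <!--Connector port="8010" protocol="AJP/1.3"/-->
    <Engine name="jboss.web" defaultHost="localhost"/>
  </Service>
</Server>
"""


def live_ajp_connectors(xml_text):
    """Count AJP/1.3 connectors that are NOT inside an XML comment.

    This is the post-edit check: anything counted here will still be
    listening after the service is recycled.
    """
    chunks = _COMMENT_SPLIT.split(xml_text)
    live = "".join(c for i, c in enumerate(chunks) if i % 2 == 0)
    return len(re.findall(r"\bprotocol\s*=\s*[\"']AJP/1\.3[\"']", live))


def disable_ajp_connectors(xml_text):
    """Return (new_text, count): each live <Connector ... AJP/1.3 .../> becomes
    <!--Connector ... AJP/1.3 .../-->, the form shown in step 2, leaving the
    rest of the file byte-for-byte unchanged."""
    hits = []

    def _wrap(m):
        hits.append(m.group(0))
        # drop the leading "<" and trailing "/>" and rewrap as a comment
        return "<!--" + m.group(0)[1:-2] + "/-->"

    chunks = _COMMENT_SPLIT.split(xml_text)
    rewritten = [c if i % 2 else _AJP_CONNECTOR.sub(_wrap, c)
                 for i, c in enumerate(chunks)]
    return "".join(rewritten), len(hits)


def is_well_formed(xml_text):
    """True if the edited text still parses, so JBoss can load it."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def harden_file(path):
    """Steps 1 and 2 of the article on a real file; returns connectors disabled."""
    with open(path, encoding="utf-8") as f:
        original = f.read()
    if live_ajp_connectors(original) == 0:
        return 0                        # already fixed, nothing to back up
    shutil.copy2(path, path + ".bak")   # step 1: keep a copy of the original
    new_text, n = disable_ajp_connectors(original)   # step 2
    if live_ajp_connectors(new_text) or not is_well_formed(new_text):
        raise RuntimeError("AJP connector not in self-closing form; edit by hand")
    with open(path, "w", encoding="utf-8") as f:
        f.write(new_text)
    return n                            # step 3 (recycling the service) is manual


if __name__ == "__main__":
    print(f"disabled {harden_file(sys.argv[1])} AJP connector(s)")
```

The script refuses to write the file if any AJP connector survives outside a comment (for example a connector written as <Connector ...></Connector> rather than self-closing) or if the result no longer parses, so a hand edit is required in that case instead of a broken server.xml that stops the service from starting. Recycling the ITPAM service and confirming the port is closed remain manual steps.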

Additional Information

In future releases of CA Process Automation (ITPAM), JBoss will be upgraded to address these types of vulnerabilities. Until then, check that the AJP connector is still commented out after any upgrade or reinstall, since redeploying jbossweb.sar may restore the original server.xml.