Ghostcat vulnerability of Tomcat server in TIBCO Hawk WebConsole

Article ID: KB0075712
Products: TIBCO Hawk
Versions: 6.x, 5.x

Description

TIBCO Hawk WebConsole runs on Apache Tomcat, and a vulnerability in Tomcat's AJP connector has been reported: Ghostcat (CVE-2020-1938).

Please refer to the links below for the details of this vulnerability:
https://nvd.nist.gov/vuln/detail/CVE-2020-1938
https://confluence.atlassian.com/jirakb/cve-2020-1938-996642338.html
https://www.chaitin.cn/en/ghostcat

Impacted versions:
- Apache Tomcat 7.x before 7.0.100
- Apache Tomcat 8.x before 8.5.51
- Apache Tomcat 9.x before 9.0.31

Fixed versions:
9.0.31, 8.5.51, and 7.0.100

Issue/Introduction

Ghostcat vulnerability: Tomcat must be upgraded, or the AJP connector disabled, in TIBCO Hawk WebConsole

Environment

All

Resolution

Customers can choose either of the solutions below to address this vulnerability for TIBCO Hawk WebConsole:
1. Upgrade the Tomcat bundled with TIBCO Hawk WebConsole to a fixed version.
- For TIBCO Hawk 6.2, please upgrade to 9.0.31 (the bundled Tomcat version is 9.0.17.0).
- For TIBCO Hawk 6.1, 6.0 and 5.2, please upgrade to 7.0.100 (the bundled Tomcat version is 7.0.82.0).
NOTE: Customers should download the latest Tomcat version from the Apache website.

Please refer to the TIBCO Hawk documentation below for how to replace Tomcat for TIBCO Hawk WebConsole:
https://docs.tibco.com/pub/hawk/5.2.0/doc/pdf/TIB_hawk_5.2.0_installation.pdf?id=1
Chapter 2, Configuring TIBCO Hawk Components -> Configuring Hawk WebConsole

2. If upgrading is not possible, disable the AJP connector directly by commenting out its <Connector> element in $HAWK_HOME/webconsole/tomcat/conf/server.xml, as shown below:
<!--<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />-->
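
The following script is an added example for checking whether a WebConsole host is still exposed after applying either remedy above; it is not part of this KB article or of the TIBCO Hawk product. It compares a bundled Tomcat version string against the fixed releases listed above and parses server.xml to see whether an AJP connector is still active (a commented-out connector is not an element, so the XML parser drops it automatically). The two sample server.xml documents and the version strings are constructed for the example; the path `$HAWK_HOME/webconsole/tomcat/conf/server.xml` is the one the article names.

```python
"""Audit a Tomcat install for Ghostcat (CVE-2020-1938) exposure.

Added example, not TIBCO code. Checks two things the KB article asks for:
  1. is the Tomcat version older than the fixed release for its branch?
  2. is an AJP connector still active in server.xml?
Exposure requires both, since either remedy on its own closes the issue.
"""
import xml.etree.ElementTree as ET

# Fixed releases taken from the article: 7.0.100, 8.5.51, 9.0.31
FIXED_BY_MAJOR = {7: (7, 0, 100), 8: (8, 5, 51), 9: (9, 0, 31)}


def parse_version(version):
    """'9.0.17.0' -> (9, 0, 17). TIBCO-bundled builds carry a fourth
    component, which is ignored for the comparison."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts[:3])


def is_vulnerable_version(version):
    """True when the version is below the fixed release for its branch."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_BY_MAJOR.get(major)
    if fixed is None:
        return False  # branch not covered by the advisory (e.g. Tomcat 10)
    return (major, minor, patch) < fixed


def active_ajp_connectors(server_xml_text):
    """Return the AJP connectors that Tomcat would actually start.

    Comments are discarded by the parser, so the article's fix (commenting
    the element out) makes the connector disappear from this list.
    """
    root = ET.fromstring(server_xml_text)
    found = []
    for conn in root.iter("Connector"):
        # Tomcat's default protocol when the attribute is absent is HTTP/1.1
        protocol = conn.get("protocol", "HTTP/1.1")
        if protocol.upper().startswith("AJP/"):
            found.append({
                "port": conn.get("port"),
                # No 'address' attribute means the connector binds every interface
                "address": conn.get("address", "0.0.0.0"),
            })
    return found


def audit(tomcat_version, server_xml_text):
    """Combine both checks into one result for the host."""
    version_vulnerable = is_vulnerable_version(tomcat_version)
    ajp = active_ajp_connectors(server_xml_text)
    return {
        "version": tomcat_version,
        "version_vulnerable": version_vulnerable,
        "ajp_connectors": ajp,
        "needs_action": version_vulnerable and bool(ajp),
    }


# Constructed sample: minimal server.xml with the AJP connector still live.
SAMPLE_BEFORE = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>"""

# Constructed sample: the same file after applying remedy 2 from the article.
SAMPLE_AFTER = """<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!--<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />-->
  </Service>
</Server>"""


if __name__ == "__main__":
    import sys
    # Usage: python audit_ghostcat.py <tomcat-version> [path/to/server.xml]
    # With no arguments the constructed samples are used.
    if len(sys.argv) >= 3:
        with open(sys.argv[2], encoding="utf-8") as fh:
            print(audit(sys.argv[1], fh.read()))
    else:
        print("bundled 9.0.17.0, AJP live  :", audit("9.0.17.0", SAMPLE_BEFORE))
        print("bundled 9.0.17.0, AJP removed:", audit("9.0.17.0", SAMPLE_AFTER))
```

Run it against the real file with `python audit_ghostcat.py 9.0.17.0 $HAWK_HOME/webconsole/tomcat/conf/server.xml`; the version string comes from the bundled Tomcat's RELEASE-NOTES or `version.sh`. Tomcat reads server.xml only at startup, so a `needs_action: False` result from the file does not mean the running process has stopped listening on port 8009 until WebConsole has been restarted.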

Additional Information

https://nvd.nist.gov/vuln/detail/CVE-2020-1938
https://confluence.atlassian.com/jirakb/cve-2020-1938-996642338.html
https://www.chaitin.cn/en/ghostcat