How to secure TIBCO Administrator's Apache TOMCAT server from 'GhostCat' vulnerability issue (CVE-2020-1938)
Article ID: KB0108041
Products: TIBCO Administrator
Versions: 5.10.x, 5.11.x
Description
A vulnerability in Apache Tomcat, CVE-2020-1938 (known as "GhostCat"), has been identified; it is a flaw in the Tomcat AJP protocol.
For an attacker to exploit GhostCat, the AJP Connector must be enabled and the attacker must be able to reach the AJP Connector's service port.
Resolution
TIBCO Administrator does not use the Apache Tomcat AJP Connector, so it can be disabled.
To disable the Apache Tomcat® AJP Connector, follow these steps:
1. Take a backup of the existing server.xml file at <ADMIN_HOME>/Domain/<Domain_Name>/tomcat/conf/server.xml
2. Open the original server.xml file and delete or comment out the following AJP Connector line:
   <Connector port="7009" protocol="AJP/1.3" redirectPort="7443"/>
3. Save the server.xml file.
4. Start TIBCO Administrator.
NOTE: Also apply the above steps to the template server.xml file located under <ADMIN_HOME>/tomcat/conf/server.xml
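The steps above can be scripted so that both the domain server.xml and the template copy are handled the same way and the result is verified rather than eyeballed. The following Python script is an added example for this article, not TIBCO's own tooling: it backs up the file, wraps any AJP/1.3 Connector element in an XML comment (leaving connectors that are already commented out alone), and then re-parses the file to confirm no active AJP connector remains. The sample server.xml embedded below is constructed for the demonstration; only the AJP connector line and ports 7009/7443 come from the article, the other ports and elements are assumed.

```python
"""Disable the Tomcat AJP connector (CVE-2020-1938) in a server.xml and verify it.

Added example for the KB procedure above; not TIBCO's own code. Usage:
    python disable_ajp.py <ADMIN_HOME>/Domain/<Domain_Name>/tomcat/conf/server.xml
    python disable_ajp.py <ADMIN_HOME>/tomcat/conf/server.xml   # the template copy
With no argument it runs against the constructed sample below.
"""
import re
import shutil
import sys
import xml.etree.ElementTree as ET
from pathlib import Path

# A self-closing <Connector .../> whose protocol attribute is AJP/1.3, in any
# attribute order. [^>]* cannot cross an element boundary, so only that one
# element is matched. Regex (not a DOM rewrite) is used on purpose: it keeps
# the file's comments and formatting byte-for-byte except for the change made.
AJP_CONNECTOR_RE = re.compile(r'<Connector\b(?=[^>]*\bprotocol="AJP/1\.3")[^>]*/>')
COMMENT_RE = re.compile(r"<!--.*?-->", re.DOTALL)


def comment_out_ajp(xml_text):
    """Return (new_text, number_disabled). AJP connectors already inside an
    XML comment are left untouched, so the function is safe to run twice."""
    comment_spans = [m.span() for m in COMMENT_RE.finditer(xml_text)]

    def already_commented(pos):
        return any(start <= pos < end for start, end in comment_spans)

    count = 0

    def repl(m):
        nonlocal count
        elem = m.group(0)
        if already_commented(m.start()):
            return elem
        if "--" in elem:  # '--' is illegal inside an XML comment
            raise ValueError("connector contains '--'; comment it out by hand")
        count += 1
        return f"<!-- disabled (CVE-2020-1938): {elem} -->"

    return AJP_CONNECTOR_RE.sub(repl, xml_text), count


def active_ajp_ports(xml_text):
    """Parse the XML the way Tomcat will and list ports of AJP connectors that
    are still active. The parser drops comments, so disabled ones do not count."""
    root = ET.fromstring(xml_text)
    return [c.get("port", "?") for c in root.iter("Connector")
            if c.get("protocol", "").upper().startswith("AJP")]


def harden_server_xml(path):
    """Step 1-3 of the procedure on one file: back up, edit, save, then verify.
    Returns the number of connectors disabled; raises if any AJP stays active."""
    path = Path(path)
    shutil.copy2(path, path.with_name(path.name + ".bak"))  # step 1: backup
    text = path.read_text(encoding="utf-8")
    new_text, disabled = comment_out_ajp(text)                # step 2: comment out
    if disabled:
        path.write_text(new_text, encoding="utf-8")           # step 3: save
    remaining = active_ajp_ports(new_text)
    if remaining:
        raise RuntimeError(f"AJP connector still active on port(s) {remaining}")
    return disabled


# Constructed sample in the shape of a TIBCO Administrator server.xml. The AJP
# line is the one from the article; the HTTP connector and ports 7005/7080 are
# assumed for illustration only.
SAMPLE_SERVER_XML = """<Server port="7005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7080" protocol="HTTP/1.1" redirectPort="7443"/>
    <Connector port="7009" protocol="AJP/1.3" redirectPort="7443"/>
    <Engine name="Catalina" defaultHost="localhost">
      <Host name="localhost" appBase="webapps"/>
    </Engine>
  </Service>
</Server>
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(f"disabled {harden_server_xml(sys.argv[1])} AJP connector(s)")
    else:
        print("active AJP ports before:", active_ajp_ports(SAMPLE_SERVER_XML))
        fixed, n = comment_out_ajp(SAMPLE_SERVER_XML)
        print(f"disabled {n}; active AJP ports after:", active_ajp_ports(fixed))
```

Run it once per server.xml (domain copy and template copy), then start TIBCO Administrator as in step 4. After the start, confirming that nothing listens on port 7009 any more (for example with `ss -ltn` on Linux or `netstat -an` on Windows) closes the loop on the second precondition in the description: with the connector gone there is no AJP service port for an attacker to reach.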