How to secure TIBCO Administrator's Apache TOMCAT server from 'GhostCat' vulnerability issue (CVE-2020-1938)

Article ID: KB0108041

Products: TIBCO Administrator
Versions: 5.10.x, 5.11.x

Description

A vulnerability (CVE-2020-1938), named "GhostCat", has been identified in Apache Tomcat. It is a flaw in the Tomcat AJP protocol.
For an attacker to exploit GhostCat, the AJP Connector must be enabled and the attacker must be able to reach the AJP Connector service port.
Resolution

TIBCO Administrator does not use the Apache Tomcat AJP Connector, so it can be disabled.

To disable the Apache Tomcat® AJP Connector, follow these steps:

1. Take a backup of the existing server.xml file at <ADMIN_HOME>/Domain/<Domain_Name>/tomcat/conf/server.xml.

2. Open the original server.xml file and delete or comment out the following AJP Connector line:
<Connector port="7009" protocol="AJP/1.3" redirectPort="7443"/>

3. Save the server.xml file.

4. Start TIBCO Administrator.

NOTE: Also apply the above steps to the template server.xml file located under <ADMIN_HOME>/tomcat/conf/server.xml, so that newly created domains do not get the AJP Connector back.
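The following POSIX shell script is an added example, not TIBCO's own tooling: it carries out steps 1 to 3 above for one server.xml (backup, then comment out the AJP Connector) and provides a check that can be run before the change, after it, and against the template copy under <ADMIN_HOME>/tomcat/conf. The file name disable_ajp.sh and the function names are assumptions; the script assumes the Connector element sits on a single line, as in the default TIBCO Administrator server.xml shown above.

```shell
#!/bin/sh
# Added example, not TIBCO's own tooling: scripts steps 1-3 above for one
# server.xml and verifies the result. Assumes the AJP Connector sits on a
# single line, as in the default TIBCO Administrator server.xml shown above.

# disable_ajp_connector <server.xml>
# Backs the file up to <server.xml>.bak (only if no backup exists yet, so a
# second run cannot overwrite the pristine copy), then wraps every
# uncommented AJP/1.3 Connector element in an XML comment.
disable_ajp_connector() {
    file="$1"
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ -f "$file.bak" ] || cp -p "$file" "$file.bak"
    # Only lines that start with <Connector (i.e. not already inside a comment)
    # and carry protocol="AJP/1.3" are rewritten; the HTTP Connector is untouched.
    sed -e '/^[[:space:]]*<Connector[^>]*protocol="AJP\/1\.3"[^>]*\/>/ s|^\([[:space:]]*\)\(<Connector.*/>\)|\1<!-- \2 -->|' \
        "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# ajp_connector_active <server.xml>
# Exit status 0 if an uncommented AJP/1.3 Connector is still present, 1 if not.
# Run it before the change to confirm the file matches the layout this script
# expects, and after the change (and on the template copy) to confirm the fix.
ajp_connector_active() {
    grep -Eq '^[[:space:]]*<Connector[^>]*protocol="AJP/1\.3"' "$1"
}

# Usage: sh disable_ajp.sh <ADMIN_HOME>/Domain/<Domain_Name>/tomcat/conf/server.xml
if [ "$#" -eq 1 ]; then
    disable_ajp_connector "$1" || exit 1
    if ajp_connector_active "$1"; then
        echo "AJP Connector still active in $1" >&2
        exit 1
    fi
    echo "AJP Connector disabled in $1 (backup: $1.bak)"
fi
```

Run the script once against the domain's server.xml and once against the template copy, then start TIBCO Administrator (step 4). Because the check only recognises a comment that begins on the same line as the Connector, a Connector wrapped in a multi-line comment block by hand would still be reported as active; in that case inspect the file directly. After the restart, confirm on the host that nothing is listening on the AJP port (7009 by default) any more.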

Issue/Introduction

How to secure TIBCO Administrator's Apache TOMCAT server from 'GhostCat' vulnerability issue (CVE-2020-1938)

Additional Information

https://www.chaitin.cn/en/ghostcat
https://tomcat.apache.org/security-7.html#Fixed_in_Apache_Tomcat_7.0.100