On 18/05/2020 21:45, jonmcalexan...@wellsfargo.com.INVALID wrote: > I hate bringing up old crap, but I just want to make sure I have everything > covered on my end. As far as this QID, the dreaded Ghost Cat, and AJP, is > there ANY special AJP configuration that should be done to make sure that > this QID is mitigated for Tomcat 7.0.103, 8.5.53, and 9.0.33 and above > configurations?
It depends. There are too many variables. A configuration that would be considered secure in one scenario may be considered insecure in another. If you show us your AJP configuration (passwords, if any, masked) we can figure out what questions to ask next. Mark > > Thanks, > > > Dream * Excel * Explore * Inspire > Jon McAlexander > Asst Vice President > > Middleware Product Engineering > Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions > > 8080 Cobblestone Rd | Urbandale, IA 50322 > MAC: F4469-010 > Tel 515-988-2508 | Cell 515-988-2508 > > jonmcalexan...@wellsfargo.com<mailto:jonmcalexan...@wellsfargo.com> > > > This message may contain confidential and/or privileged information. If you > are not the addressee or authorized to receive this for the addressee, you > must not use, copy, disclose, or take any action based on this message or any > information herein. If you have received this message in error, please advise > the sender immediately by reply e-mail and delete this message. Thank you for > your cooperation. > > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org For additional commands, e-mail: users-h...@tomcat.apache.org
