-----Original Message-----
From: Mark Thomas <ma...@apache.org> 
Sent: Monday, May 18, 2020 5:29 PM
To: users@tomcat.apache.org
Subject: Re: Tomcat and Qualsys QID: 87413

On 18/05/2020 21:45, jonmcalexan...@wellsfargo.com.INVALID wrote:
> I hate bringing up old crap, but I just want to make sure I have everything 
> covered on my end. As far as this QID, the dreaded Ghost Cat, and AJP, is 
> there ANY special AJP configuration that should be done to make sure that 
> this QID is mitigated for Tomcat 7.0.103, 8.5.53, and 9.0.33 and above 
> configurations?

>It depends. There are too many variables. A configuration that would be 
>considered secure in one scenario may be considered insecure in another.

>If you show us your AJP configuration (passwords, if any, masked) we can 
>figure out what questions to ask next.

>Mark

Thanks Mark. 

I'm not looking for anything specific, but more generic. I'm one of the guys 
that gets all the escalated support questions in the company in regards to 
anything Tomcat. This includes all these QIDs, etc. I just wanted some "best 
practice" information that I can dispense as potential ways for folks who need 
AJP to be able to resolve the QID vulnerability in their systems.

Thanks,


Dream * Excel * Explore * Inspire
Jon McAlexander
Asst Vice President

Middleware Product Engineering
Enterprise CIO | Platform Services | Middleware | Infrastructure Solutions

8080 Cobblestone Rd | Urbandale, IA 50322
MAC: F4469-010
Tel 515-988-2508 | Cell 515-988-2508

jonmcalexan...@wellsfargo.com

