Hi,
There is a Tomcat AJP protocol vulnerability published.
(Only Dutch url’s )
Question: Is the AJP protocol used somewhere / mandatory for Servoy 2019 operation on Tomcat?
Regards,
Hi Lambert
It’s only used when you use a proxy server in front of your Tomcat server.
But even then, you don’t have to use the AJP protocol. You can use the HTTP protocol, which is not vulnerable.
Edit: I guess you do need to disable the AJP connector on your tomcat instance though. You can do this in the /conf/server.xml.
Hope this helps.
Thanks Robert!
I was on that track but wanted to be sure, thanks again.
Regards,