We've just gotten a complaint about a vulnerability involving AJP (to something called "Ghostcat") from a customer. The report from the security consultant recommends updating to a more recent version of Tomcat, and I note that we've already started rolling out 7.0.108 to customers.

Looking at server.xml, the only reference to AJP is in relation to port 8009, and that this connector is commented out in 108, but not in 93.

So what exactly *is* this connector, and what purpose does it serve?

--
JHHL

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to