We've just gotten a complaint about a vulnerability involving AJP (to
something called "Ghostcat") from a customer. The report from the
security consultant recommends updating to a more recent version of
Tomcat, and I note that we've already started rolling out 7.0.108 to
customers.
Looking at server.xml, the only reference to AJP is in relation to port
8009, and that this connector is commented out in 108, but not in 93.
So what exactly *is* this connector, and what purpose does it serve?
--
JHHL
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
