Description

The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. It's not recommended to have AJP services publicly accessible on the internet. If AJP is misconfigured it could allow an attacker to access to internal resources.

Remediation

It's recommended to restrict access to this service on production systems.

References

The Apache Tomcat Connector

Related Vulnerabilities

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4901)

WordPress Plugin Duplicate Page Multiple Vulnerabilities (2.3)

Axis development mode enabled in WEB-INF/server-config.wsdd

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-4898)

Piwigo Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3790)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration