Apache Tomcat AJP Connector Request Injection (Ghostcat) - c07606866
According to Apache, Tomcat 8.x is susceptible to an AJP Request Injection and potential Remote Code Execution. The PrinterOn solution does not use thate AJP protocol, so it is recommended that it be disabled.
To disable the protocol:
- Stop Central Print Service, either from PrinterOn Configuration Manager or from Windows services.
-
In a text editor, edit the server.xml file. This file can usually be found at the default location:
C:\Program Files (x86)\PrinterOn Corporation\Apache Tomcat\Conf\ -
Comment out the following line:
<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
For example, <!--<Connector port="8009" protocol="AJP/1.3" redirectPort="443" /> --> - Save the server.xml file.
- Restart the CPS.
NOTE:
As of PrinterOn version 4.3, PrinterOn is moving to Tomcat version 11 or newer, which is no longer susceptible to this vulnerability.