Tomcat AJP vulnerability and Razuna
We got notified that there is an AJP security vulnerability with all Apache Tomcat releases. The issue is discussed as CVE-2929-1938. A remote, unauthenticated/untrusted attacker could exploit this AJP configuration to read web application files from a server exposing the AJP port to untrusted clients.
However, if you installed Razuna on your customer Tomcat installation, please make sure to disable the AJP connector in the server.xml file that can be found in the tomcat/config folder.