Tomcat AJP vulnerability and Razuna

We were notified of an AJP security vulnerability that affects all Apache Tomcat releases. The issue is tracked as CVE-2020-1938. A remote, unauthenticated/untrusted attacker could exploit this AJP configuration to read web application files from a server exposing the AJP port to untrusted clients.

That said, the Tomcat instance that is included in our Razuna download has the AJP connector disabled by default. Also, all customers of our dedicated Razuna servers are already protected!

However, if you installed Razuna on your custom Tomcat installation, please make sure to disable the AJP connector in the server.xml file that can be found in the tomcat/config folder.
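To confirm that the connector really is disabled, the check below parses server.xml and lists any AJP connector Tomcat would still load. It is an added example, not code from Razuna or Tomcat; the function names and the embedded sample file are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample, modelled on a stock Tomcat server.xml: one AJP connector
# is commented out (disabled), a second one is still active.
SAMPLE_SERVER_XML = """<?xml version="1.0"?>
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <!-- <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" /> -->
    <Connector port="8010" protocol="org.apache.coyote.ajp.AjpNioProtocol" />
    <Engine name="Catalina" defaultHost="localhost" />
  </Service>
</Server>
"""

def is_ajp(protocol):
    """True for 'AJP/1.3' and for the AJP protocol handler class names."""
    p = protocol.strip().lower()
    return p.startswith("ajp/") or ".ajp." in p

def active_ajp_connectors(xml_data):
    """Return the AJP <Connector> elements that are not commented out.

    ElementTree drops XML comments while parsing, so a disabled (commented)
    connector is not reported, unlike a plain text search for 'AJP'.
    """
    root = ET.fromstring(xml_data)
    found = []
    for service in root.iter("Service"):
        for conn in service.findall("Connector"):
            # A Connector without a protocol attribute defaults to HTTP/1.1.
            if is_ajp(conn.get("protocol", "HTTP/1.1")):
                found.append({
                    "service": service.get("name"),
                    "port": conn.get("port"),
                    "address": conn.get("address"),  # None = not set in the file
                    "protocol": conn.get("protocol"),
                })
    return found

if __name__ == "__main__":
    # Pass the path to server.xml, or run without arguments to use the sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    hits = active_ajp_connectors(data)
    for hit in hits:
        print("active AJP connector:", hit)
    sys.exit(1 if hits else 0)
```

An exit status of 0 means no active AJP connector was found. Restart Tomcat after editing server.xml so the change takes effect.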
