Kofax

Apache Tomcat Ghostcat vulnerability for ShareScan

3022373

Information:

The Apache Tomcat Ghostcat vulnerability (https://cve.mitre.org/cgi-bin/cvenam...=CVE-2020-1938) has been identified. The following information can be used to avoid this vulnerability in eCopy ShareScan.

eCopy ShareScan does not use the AJP feature of Apache Tomcat; however, the protocol is enabled by default. The recommendation is to disable AJP explicitly: edit the <Tomcat>/conf/server.xml file and comment out the AJP connector.

Steps to modify Apache Tomcat configuration for eCopy ShareScan:

  1. Stop eCopy ShareScan Agent service
  2. Stop eCopy ShareScan Manager service
  3. Stop Apache Tomcat service
  4. Navigate to the Apache Tomcat install folder [by default: C:\Program Files (x86)\Kofax\Tomcat 8.5\conf\server.xml]
  5. Edit the server.xml file
  6. Find the line <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  7. Comment the line out by changing it to <!--<Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />-->
  8. Save the server.xml file
  9. Start Apache Tomcat service
  10. Start eCopy ShareScan Agent and Manager services
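
To confirm that the edit in steps 6 to 8 took effect, the following added PowerShell example (not part of the Kofax article or product) parses server.xml and lists any AJP connector Tomcat would still load. The function name Get-ActiveAjpConnector and the sample XML are constructed for illustration; the file path is the default from step 4.

```powershell
# Added example (not Kofax code): list the AJP connectors Tomcat would still load.
function Get-ActiveAjpConnector {
    param([Parameter(Mandatory)][string]$XmlText)

    $doc = New-Object System.Xml.XmlDocument
    $doc.LoadXml($XmlText)   # throws if the edit left the file malformed

    # XPath //Connector matches element nodes only; a connector wrapped in
    # <!-- --> is a comment node and is therefore not returned.
    foreach ($c in $doc.SelectNodes('//Connector')) {
        # protocol is "AJP/1.3" or an org.apache.coyote.ajp.* class name
        if ($c.GetAttribute('protocol') -match 'ajp') {
            [pscustomobject]@{
                Port     = $c.GetAttribute('port')
                Protocol = $c.GetAttribute('protocol')
            }
        }
    }
}

# Constructed sample input: a server.xml fragment before and after step 7.
$before = @'
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443" />
    <Connector port="8009" protocol="AJP/1.3" redirectPort="8443" />
  </Service>
</Server>
'@
$after = $before -replace '(<Connector port="8009"[^>]*/>)', '<!--$1-->'

"before: $(@(Get-ActiveAjpConnector -XmlText $before).Count) active AJP connector(s)"
"after:  $(@(Get-ActiveAjpConnector -XmlText $after).Count) active AJP connector(s)"

# On the ShareScan server itself: check the real file, then the listener.
$path = 'C:\Program Files (x86)\Kofax\Tomcat 8.5\conf\server.xml'  # default from step 4
if (Test-Path $path) {
    Get-ActiveAjpConnector -XmlText (Get-Content -Raw -Path $path)
    # No output from this line means nothing is listening on TCP 8009.
    Get-NetTCPConnection -State Listen -LocalPort 8009 -ErrorAction SilentlyContinue
}
```

Run the listener check after step 9, once the Apache Tomcat service has been restarted, because a service that was not restarted keeps the old connector open.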

Links about the vulnerability:

https://www.chaitin.cn/en/ghostcat
https://blog.trendmicro.com/trendlab...vd-2020-10487/

Applies to:

| Product | Version |
|---|---|
| eCopy ShareScan | all versions |

 

 
