The security breach is in the Apache JServ Protocol (AJP). This breach allows an intruder, to read files and code in the webapps folder. In some cases, the breach allows to upload executable code.
Caution: KGS products don’t use AJP.
Affected Versions
Apache Tomcat version 6.x (all versions) |
Apache Tomcat version 7.x (before version 7.0.100) |
Apache Tomcat version 8.x (before version 8.5.51) |
Apache Tomcat version 9.x (before version 9.0.31) |
...