Article ID: 81342

Article Type: Technical Reference

Last Modified:

This article discusses the AJP Request Injection and potential Remote Code Execution dubbed 'Ghostcat' (CVE-2020-1938).

Commvault software is not affected by CVE-2020-1938, as by default in the server.xml under the apache folder, the AJP protocol commented out and therefore disabling any AJP functionality.

The Apache Tomcat Server is automatically installed during the installation of our software if it is not already installed.

Note: Manually upgrading the Apache Tomcat Server is not supported. Commvault strives to update the Tomcat software with the latest security updates, so that the components using the Tomcat server are free from any vulnerabilities reported by the open-source community.

1 Commvault Way, Tinton Falls, NJ 07724 Sitemap | Legal Notices | Trademarks | Privacy Policy
Copyright © 2022 Commvault | All Rights Reserved.