AJP Request Injection and potential Remote Code Execution vulnerability in Tomcat server.
WSO2 API Manager
WSO2 Identity Server
WSO2 Enterprise Integrator
WSO2 Stream Processor
This vulnerability affects Tomcat deployments where AJP port is accessible to untrusted parties.
WSO2 products do not enable AJP and it is not recommended to use AJP with WSO2 products. Therefore, there is no possibility to exploit this vulnerability by connecting to the WSO2 servers via AJP.