
Reported Vulnerability

AJP Request Injection and potential Remote Code Execution vulnerability in Tomcat server.

Reported Products

WSO2 API Manager

WSO2 Identity Server

WSO2 Enterprise Integrator

WSO2 Stream Processor

WSO2 Clarification

This vulnerability affects Tomcat deployments where the AJP port is accessible to untrusted parties.

WSO2 products do not enable AJP, and using AJP with WSO2 products is not recommended. Therefore, this vulnerability cannot be exploited by connecting to WSO2 servers via AJP.

CVE References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1938
