BMC AMI Console Management does not have the GhostCat Vulnerability in Apache Tomcat Servers (MVCM MVCA SecureHMC bmc ioConcepts)

Knowledge Article

Article Number

000212441

Old Article Number

000187138

Article Type

Product/Service Description

Title

BMC AMI Console Management does not have the GhostCat Vulnerability in Apache Tomcat Servers (MVCM MVCA SecureHMC bmc ioConcepts)

Summary

There is no GhostCat Vulnerability in BMC AMI Console Management

Product

BMC AMI Console Management for zEnterprise - Base

Component

Applies to

MVCM/MVCA/SecureHMC
MainView Console Management for zEnterprise - MainView Console Automation for zEnterprise
BMC AMI Console Management for zEnterprise - BMC AMI Console Automation for zEnterprise - BMC AMI SecureHMC for zEnterprise

Details

BMC AMI Console Management, Console Automation, and SecureHMC (also known as MainView Console Management and bmc ioConcepts) does not require, nor utilize the Apache JServ Protocol (AJP), protocol. The connector that supports AJP has been removed from the default configuration, so this vulnerability will not affect the BMC AMI Console Management.

The following is for information purposes only.

GhostCat Vulnerability in Apache Tomcat Servers (BMC AMI Console Management MVCM MVCA SecureHMC bmc ioConcepts)

Summary
GhostCat Vulnerability Affects Apache Tomcat Servers

Threat Vectors
A vulnerability in the Tomcat AJP protocol can be exploited to read file contents and access source code and configuration files. If the servers allow file uploads, the flaw can also be exploited to remotely execute code.

Mitigation
Apache Tomcat has released versions 9.0.31, 8.5.51, and 7.0.100 to address the issue.

Vulnerable Products
This vulnerability affects Apache Tomcat versions 6.x, 7.x, 8.x, and 9.x.

Attachment(s):