KNOWLEDGE BASE

Is Tableau Server affected by CVE-2020-1938: Tomcat AJP protocol related vulnerability


Published: 26 Feb 2020
Last Modified Date: 09 Apr 2020

Issue

When using the Apache JServ Protocol (AJP), care must be taken when trusting incoming connections to Apache Tomcat. Tomcat treats AJP connections as having higher trust than, for example, a similar HTTP connection. If such connections are available to an attacker, they can be exploited in ways that may be surprising. In Apache Tomcat 9.0.0.M1 to 9.0.0.30, 8.5.0 to 8.5.50 and 7.0.0 to 7.0.99, Tomcat shipped with an AJP Connector enabled by default that listened on all configured IP addresses.
 

Environment

  • Tableau Server 

Resolution

No action is required.  Tableau Server is not impacted by this vulnerability.
 
Did this article resolve the issue?