{"id":7539,"date":"2020-03-16T18:17:37","date_gmt":"2020-03-16T17:17:37","guid":{"rendered":"https:\/\/myintercard.com\/sicherheitsluecke-bei-der-von-uns-eingesetzten-software-apache-tomcat-schliessen"},"modified":"2021-09-30T12:04:58","modified_gmt":"2021-09-30T10:04:58","slug":"closing-security-gap-in-apache-tomcat-software-used-by-us","status":"publish","type":"post","link":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/","title":{"rendered":"Closing a security gap in the Apache-Tomcat software used by us"},"content":{"rendered":"<p>As was reported last week in an <a href=\"https:\/\/www.heise.de\/security\/meldung\/Jetzt-patchen-Kritische-Luecke-Ghostcat-in-Apache-Tomcat-Versionen-seit-6-0-4673983.html\" target=\"_blank\" rel=\"noopener\">article by heise online<\/a>, there is a critical security gap known as \u201cGhostcat\u201d in Apache-Tomcat in the versions from 6.0. An attack via the so-called \u201cAJP Connector Service\u201d is possible.<\/p>\n<p>The gap can be closed in the short term by blocking unauthorised access (e.g. with a firewall) to the AJP Connector Service port (default port 8009), or by deactivating the service completely. This service is not used by InterCard products, which use only the HTTP Connector.<\/p>\n<p>The AJP Connector Service can be deactivated as follows:<\/p>\n<ol>\n<li>Open the configuration file &lt;CATALINA_BASE&gt;\/conf\/server.xml (&lt;CATALINA_BASE&gt; represents the Tomcat folder). 
We urgently recommend that you make a backup copy of the configuration file beforehand.<\/li>\n<li>Comment out or delete the following line:<br \/>\n&lt;Connector port=&quot;8009&quot; protocol=&quot;AJP\/1.3&quot; redirectPort=&quot;8443&quot; \/&gt;<br \/>\nThe values for the ports can differ from the example listed.<\/li>\n<li>Save the changes in the file and restart Tomcat.<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>Apache-Tomcat is used in the following InterCard products:<\/p>\n<ol>\n<li>smart.ACTIVE<\/li>\n<li>smart.SHOP<\/li>\n<li>smart.TO.GET (interface for validations)<\/li>\n<li>my.InterCard Payment-Service<\/li>\n<li>Machine lines smart.UP, add.UP, smart.BOOK, smart.GET, smart.MOVE, smart.EXPERT and vario.UP<\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<p>If you need support for the deactivation of the AJP Connector Service, please contact our hotline (+49 7720 9945-55, <a href=\"mailto:ticket@secanda.com\">ticket@secanda.com<\/a>).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>As was reported last week in an article by heise online, there is a critical security gap known as \u201cGhostcat\u201d in Apache-Tomcat in the versions from 6.0. 
An attack via  [&#8230;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"class_list":["post-7539","post","type-post","status-publish","format-standard","hentry","category-service-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.4 (Yoast SEO v27.4) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Closing a security gap in the Apache-Tomcat software used by us - SECANDA AG<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Closing a security gap in the Apache-Tomcat software used by us\" \/>\n<meta property=\"og:description\" content=\"As was reported last week in an article by heise online, there is a critical security gap known as \u201cGhostcat\u201d in Apache-Tomcat in the versions from 6.0. An attack via [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/\" \/>\n<meta property=\"og:site_name\" content=\"SECANDA AG\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-16T17:17:37+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-09-30T10:04:58+00:00\" \/>\n<meta name=\"author\" content=\"li_wenjuan\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"li_wenjuan\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/\"},\"author\":{\"name\":\"li_wenjuan\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#\\\/schema\\\/person\\\/26197b75aa4ab7479c8e9f93d953d178\"},\"headline\":\"Closing a security gap in the Apache-Tomcat software used by us\",\"datePublished\":\"2020-03-16T17:17:37+00:00\",\"dateModified\":\"2021-09-30T10:04:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/\"},\"wordCount\":232,\"publisher\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#organization\"},\"articleSection\":[\"Service\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/\",\"url\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/\",\"name\":\"Closing a security gap in the Apache-Tomcat software used by us - SECANDA 
AG\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#website\"},\"datePublished\":\"2020-03-16T17:17:37+00:00\",\"dateModified\":\"2021-09-30T10:04:58+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/closing-security-gap-in-apache-tomcat-software-used-by-us\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Startseite\",\"item\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Closing a security gap in the Apache-Tomcat software used by us\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/\",\"name\":\"SECANDA AG\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#organization\"},\"alternateName\":\"SECANDA\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#organization\",\"name\":\"SECANDA Systems 
AG\",\"alternateName\":\"SECANDA\",\"url\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.secanda.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/LT6-CorporateDesign-SECANDA_Signet_rot.png\",\"contentUrl\":\"https:\\\/\\\/www.secanda.com\\\/wp-content\\\/uploads\\\/2024\\\/10\\\/LT6-CorporateDesign-SECANDA_Signet_rot.png\",\"width\":465,\"height\":465,\"caption\":\"SECANDA Systems AG\"},\"image\":{\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.linkedin.com\\\/company\\\/secanda\\\/\",\"https:\\\/\\\/www.xing.com\\\/pages\\\/secanda\",\"https:\\\/\\\/www.youtube.com\\\/@secanda2022\",\"https:\\\/\\\/www.instagram.com\\\/wearesecanda\\\/\"],\"description\":\"Die SECANDA Systems AG ist die gr\u00f6\u00dfte Tochtergesellschaft der SECANDA AG und ein f\u00fchrender Anbieter integrierter L\u00f6sungen f\u00fcr digitale Identit\u00e4ten, Zutrittskontrolle, Arbeitszeiterfassung, Payment und vernetzte ID-\u00d6kosysteme. Das Unternehmen entstand 2023 aus dem Zusammenschluss der langj\u00e4hrig etablierten Spezialisten InterCard GmbH Kartensysteme, IntraKey technologies AG und H. Schom\u00e4cker GmbH und vereint mehr als f\u00fcnf Jahrzehnte Expertise im Bereich Identifikations- und Kartentechnologien.\",\"email\":\"info@secanda.com\",\"telephone\":\"+49 7720 9945 0\",\"legalName\":\"SECANDA Systems AG\",\"foundingDate\":\"1978-12-07\",\"vatID\":\"DE142986548\",\"numberOfEmployees\":{\"@type\":\"QuantitativeValue\",\"minValue\":\"51\",\"maxValue\":\"200\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.secanda.com\\\/en\\\/#\\\/schema\\\/person\\\/26197b75aa4ab7479c8e9f93d953d178\",\"name\":\"li_wenjuan\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"Closing a security gap in the Apache-Tomcat software used by us - SECANDA AG","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/","og_locale":"en_US","og_type":"article","og_title":"Closing a security gap in the Apache-Tomcat software used by us","og_description":"As was reported last week in an article by heise online, there is a critical security gap known as \u201cGhostcat\u201d in Apache-Tomcat in the versions from 6.0. An attack via [...]","og_url":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/","og_site_name":"SECANDA AG","article_published_time":"2020-03-16T17:17:37+00:00","article_modified_time":"2021-09-30T10:04:58+00:00","author":"li_wenjuan","twitter_card":"summary_large_image","twitter_misc":{"Written by":"li_wenjuan","Est. 
reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/#article","isPartOf":{"@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/"},"author":{"name":"li_wenjuan","@id":"https:\/\/www.secanda.com\/en\/#\/schema\/person\/26197b75aa4ab7479c8e9f93d953d178"},"headline":"Closing a security gap in the Apache-Tomcat software used by us","datePublished":"2020-03-16T17:17:37+00:00","dateModified":"2021-09-30T10:04:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/"},"wordCount":232,"publisher":{"@id":"https:\/\/www.secanda.com\/en\/#organization"},"articleSection":["Service"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/","url":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/","name":"Closing a security gap in the Apache-Tomcat software used by us - SECANDA AG","isPartOf":{"@id":"https:\/\/www.secanda.com\/en\/#website"},"datePublished":"2020-03-16T17:17:37+00:00","dateModified":"2021-09-30T10:04:58+00:00","breadcrumb":{"@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.secanda.com\/en\/closing-security-gap-in-apache-tomcat-software-used-by-us\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Startseite","item":"https:\/\/www.secanda.com\/en\/"},{"@type":"ListItem","position":2,"name":"Closing a security gap in the Apache-Tomcat software used by 
us"}]},{"@type":"WebSite","@id":"https:\/\/www.secanda.com\/en\/#website","url":"https:\/\/www.secanda.com\/en\/","name":"SECANDA AG","description":"","publisher":{"@id":"https:\/\/www.secanda.com\/en\/#organization"},"alternateName":"SECANDA","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.secanda.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.secanda.com\/en\/#organization","name":"SECANDA Systems AG","alternateName":"SECANDA","url":"https:\/\/www.secanda.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.secanda.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/www.secanda.com\/wp-content\/uploads\/2024\/10\/LT6-CorporateDesign-SECANDA_Signet_rot.png","contentUrl":"https:\/\/www.secanda.com\/wp-content\/uploads\/2024\/10\/LT6-CorporateDesign-SECANDA_Signet_rot.png","width":465,"height":465,"caption":"SECANDA Systems AG"},"image":{"@id":"https:\/\/www.secanda.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.linkedin.com\/company\/secanda\/","https:\/\/www.xing.com\/pages\/secanda","https:\/\/www.youtube.com\/@secanda2022","https:\/\/www.instagram.com\/wearesecanda\/"],"description":"Die SECANDA Systems AG ist die gr\u00f6\u00dfte Tochtergesellschaft der SECANDA AG und ein f\u00fchrender Anbieter integrierter L\u00f6sungen f\u00fcr digitale Identit\u00e4ten, Zutrittskontrolle, Arbeitszeiterfassung, Payment und vernetzte ID-\u00d6kosysteme. Das Unternehmen entstand 2023 aus dem Zusammenschluss der langj\u00e4hrig etablierten Spezialisten InterCard GmbH Kartensysteme, IntraKey technologies AG und H. 
Schom\u00e4cker GmbH und vereint mehr als f\u00fcnf Jahrzehnte Expertise im Bereich Identifikations- und Kartentechnologien.","email":"info@secanda.com","telephone":"+49 7720 9945 0","legalName":"SECANDA Systems AG","foundingDate":"1978-12-07","vatID":"DE142986548","numberOfEmployees":{"@type":"QuantitativeValue","minValue":"51","maxValue":"200"}},{"@type":"Person","@id":"https:\/\/www.secanda.com\/en\/#\/schema\/person\/26197b75aa4ab7479c8e9f93d953d178","name":"li_wenjuan"}]}},"_links":{"self":[{"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/posts\/7539","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/comments?post=7539"}],"version-history":[{"count":0,"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/posts\/7539\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/media?parent=7539"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/categories?post=7539"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.secanda.com\/en\/wp-json\/wp\/v2\/tags?post=7539"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}