Recently, we are ordered to check Tomcat AJP (Apache JServ Protocol) security issue from out customer.

Our customer suggests us to update Tomcat 9.0.31 or later.

And then, we found that Wowza Manager uses tomcat 9.0.22 lib.

( https://www.wowza.com/docs/how-to-troubleshoot-wowza-streaming-engine-installation )

So we want to check as follws.

• In Wowza Streaming Engine 4.8.0, is it use Tomcat 9.0.22?

• If it use Tomcat 9.0.22, is it safely about Tomcat AJP security issue?

• If is has security issue, how can solve this problem?

Best regards!

Hello Keunseok,

To get you an answer to this I have opened a support case on your behalf (359189). Once we have additional details or questions, we will be reaching out to you.

Regards,

Mac Hill
Wowza Support

Hello Keunseok,

I wanted to follow up with the findings on your questions:

* In Wowza Streaming Engine 4.8.0, is it use Tomcat 9.0.22?

• yes

* If it use Tomcat 9.0.22, is it safely about Tomcat AJP security issue?

• We do not enable the AJP port in our version of tomcat and as a result, we are not vulnerable to this attack.

I do hope this clarifies.

Mac