SAS Statement Regarding
Apache Tomcat "Ghostcat" Vulnerability (CVE-2020-1938)

Reference Name: Apache Tomcat "Ghostcat" Vulnerability (CVE-2020-1938)
Severity: Informational
Status: No action by customers is required


History

3-3-2020 – Acknowledgement

Description

CVE-2020-1938, also known as "Ghostcat," affects the Apache Tomcat AJP connector. For more information, see CVE-2020-1938.

Solution

SAS®9 and SAS Viya products do not enable or use the Tomcat AJP connector. Therefore, these products are not exposed to this vulnerability. No action is required to remediate this issue in SAS products.

Security Bulletins Icon

Security Bulletins

View other security bulletins, published as part of our formal PSIRT process.

Technical Support Icon

Technical Support

Get world-class technical support via our support track system.

Samples & SAS Notes Icon

Samples & SAS Notes

Search our extensive Knowledge Base for code samples and SAS Notes.

Back to Top