Tomcat / AJP
Tomcat AJP connector
What is AJP?
AJP is a binary protocol used between a front-end proxy and an application server such as Tomcat.
Common security issues
AJP exposed to untrusted networks when it should be internal-only
Misconfiguration allowing access to internal app paths
Weak connector secrets or missing connector restrictions
Java web stack exposure that expands the reachable attack surface