Description
The Apache JServ Protocol (AJP) is a binary protocol that can proxy inbound requests from a web server through to an application server that sits behind the web server. It's not recommended to have AJP services publicly accessible on the internet. If AJP is misconfigured it could allow an attacker to access to internal resources.
Remediation
It's recommended to restrict access to this service on production systems.
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-5012)
WordPress Plugin BulletProof Security Information Disclosure (5.1)
WordPress Multiple Vulnerabilities (0.70 - 3.6.1)
Apache Airflow Experimental API Auth Bypass CVE-2020-13927
OpenSSL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2107)