Apache JServ Protocol (AJP)

Critical Risk

TCP — Web

Port Overview

Port Number 8009

Service Name Apache JServ Protocol (AJP)

Transport Protocol TCP

Category Web

Security Risk Critical

Port Range Registered (1024-49151)

What is Port 8009?

Port 8009 is the default port for Apache JServ Protocol (AJP), used to proxy requests from an Apache HTTP server to Apache Tomcat or other Java application servers. The Ghostcat vulnerability (CVE-2020-1938) allowed unauthenticated file reads and RCE through AJP, resulting in widespread exploitation of exposed port 8009. This port should be disabled or restricted if not actively used for reverse proxying.

TCP Web Commonly Used

Security Considerations

Port 8009 (Apache JServ Protocol (AJP)) is classified as critical risk. This port should not be exposed to the public internet. The service transmits data without encryption, making it vulnerable to eavesdropping, credential theft, and man-in-the-middle attacks.

Recommendation: Block this port at the firewall. Use encrypted alternatives (SSH, SFTP, HTTPS) instead.

Related Ports — Web

70 Gopher 80 HTTP 81 HTTP Alternate 280 http-mgmt 443 HTTPS 808 CCProxy HTTP 843 Flash Policy 901 SWAT