[JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.p... ]
Radoslav Husar updated MODCLUSTER-714:
--------------------------------------
Fix Version/s: 1.3.13.Final
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
> Fix For: 2.0.0.Alpha1, 1.3.13.Final
>
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.p... ]
Radoslav Husar updated MODCLUSTER-714:
--------------------------------------
Status: Resolved (was: Pull Request Sent)
Resolution: Done
[~jfclere] PR was merged, should this be resolved or does it need anything on the Java side?
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.p... ]
Radoslav Husar updated MODCLUSTER-714:
--------------------------------------
Fix Version/s: 2.0.0.Alpha1
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
> Fix For: 2.0.0.Alpha1
>
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.p... ]
Radoslav Husar updated MODCLUSTER-714:
--------------------------------------
Component/s: Native (httpd modules)
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
> Fix For: 2.0.0.Alpha1
>
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-716) Refactor core and SPI modules in preparation for Servlet 5.0
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-716?page=com.atlassian.jira.p... ]
Radoslav Husar updated MODCLUSTER-716:
--------------------------------------
Status: Resolved (was: Pull Request Sent)
Resolution: Done
> Refactor core and SPI modules in preparation for Servlet 5.0
> ------------------------------------------------------------
>
> Key: MODCLUSTER-716
> URL: https://issues.redhat.com/browse/MODCLUSTER-716
> Project: mod_cluster
> Issue Type: Task
> Affects Versions: 1.4.1.Final
> Reporter: Radoslav Husar
> Assignee: Radoslav Husar
> Priority: Critical
> Fix For: 2.0.0.Alpha1
>
>
> Because Servlet 5.0 will change package names, and because the implementations of the SPI must work with containers supporting earlier versions of the specification, certain interfaces will have to be made generic to support both packages names.
> {code}
> [ERROR] /Users/rhusar/git/mod_cluster/core/src/main/java/org/jboss/modcluster/ModClusterService.java:[39,21] package javax.servlet does not exist
> [ERROR] /Users/rhusar/git/mod_cluster/core/src/main/java/org/jboss/modcluster/ModClusterService.java:[40,26] package javax.servlet.http does not exist
> {code}
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-717) address="::1" on the tomcat10 connector returns 503
by Jean-Frederic Clere (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-717?page=com.atlassian.jira.p... ]
Jean-Frederic Clere commented on MODCLUSTER-717:
------------------------------------------------
Yes it is a native issue.
And yes I used your PR for tomcat10.
> address="::1" on the tomcat10 connector returns 503
> ---------------------------------------------------
>
> Key: MODCLUSTER-717
> URL: https://issues.redhat.com/browse/MODCLUSTER-717
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 2.0.0.Alpha1
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
>
> When having in server.xml
> +++
> <Connector protocol="AJP/1.3"
> port="8009"
> address="::1"
> secret="adelina"
> redirectPort="8443" />
> +++
> The mod_cluster_manager reports Status: OK but any request to httpd return 503.
> Using mod_cluster master and mod_proxy_cluster master (and httpd trunk).
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-717) address="::1" on the tomcat10 connector returns 503
by Radoslav Husar (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-717?page=com.atlassian.jira.p... ]
Radoslav Husar reassigned MODCLUSTER-717:
-----------------------------------------
Assignee: Jean-Frederic Clere (was: Radoslav Husar)
> address="::1" on the tomcat10 connector returns 503
> ---------------------------------------------------
>
> Key: MODCLUSTER-717
> URL: https://issues.redhat.com/browse/MODCLUSTER-717
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 2.0.0.Alpha1
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
>
> When having in server.xml
> +++
> <Connector protocol="AJP/1.3"
> port="8009"
> address="::1"
> secret="adelina"
> redirectPort="8443" />
> +++
> The mod_cluster_manager reports Status: OK but any request to httpd return 503.
> Using mod_cluster master and mod_proxy_cluster master (and httpd trunk).
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 8 months
[JBoss JIRA] (MODCLUSTER-717) address="::1" on the tomcat10 connector returns 503
by Jean-Frederic Clere (Jira)
[ https://issues.redhat.com/browse/MODCLUSTER-717?page=com.atlassian.jira.p... ]
Jean-Frederic Clere updated MODCLUSTER-717:
-------------------------------------------
Component/s: Native (httpd modules)
> address="::1" on the tomcat10 connector returns 503
> ---------------------------------------------------
>
> Key: MODCLUSTER-717
> URL: https://issues.redhat.com/browse/MODCLUSTER-717
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Affects Versions: 2.0.0.Alpha1
> Reporter: Jean-Frederic Clere
> Assignee: Radoslav Husar
> Priority: Major
>
> When having in server.xml
> +++
> <Connector protocol="AJP/1.3"
> port="8009"
> address="::1"
> secret="adelina"
> redirectPort="8443" />
> +++
> The mod_cluster_manager reports Status: OK but any request to httpd return 503.
> Using mod_cluster master and mod_proxy_cluster master (and httpd trunk).
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
4 years, 9 months