]
Jean-Frederic Clere updated MODCLUSTER-714:
-------------------------------------------
Summary: support secret="secret" in AJP nodes (was: support
secret="scret" in AJP nodes)
support secret="secret" in AJP nodes
------------------------------------
Key: MODCLUSTER-714
URL:
https://issues.redhat.com/browse/MODCLUSTER-714
Project: mod_cluster
Issue Type: Bug
Reporter: Jean-Frederic Clere
Assignee: Radoslav Husar
Priority: Major
The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the
back-end.
<Connector port = "8009"
protocol = "AJP / 1.3"
redirectPort = "8443"
address = "YOUR_TOMCAT_IP_ADDRESS"
requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
That prevents use using the mitigation.