Jean-Frederic Clere created MODCLUSTER-714:
----------------------------------------------
Summary: support secret="scret" in AJP nodes
Key: MODCLUSTER-714
URL:
https://issues.redhat.com/browse/MODCLUSTER-714
Project: mod_cluster
Issue Type: Bug
Reporter: Jean-Frederic Clere
Assignee: Radoslav Husar
The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the
back-end.
<Connector port = "8009"
protocol = "AJP / 1.3"
redirectPort = "8443"
address = "YOUR_TOMCAT_IP_ADDRESS"
requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)