[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
Radoslav Husar (Jira)
issues at jboss.org
Thu Apr 9 08:19:56 EDT 2020
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Radoslav Husar updated MODCLUSTER-714:
--------------------------------------
Fix Version/s: 2.0.0.Alpha1
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Components: Native (httpd modules)
> Reporter: Jean-Frederic Clere
> Assignee: Jean-Frederic Clere
> Priority: Major
> Fix For: 2.0.0.Alpha1
>
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the mod_cluster-issues
mailing list