[mod_cluster-issues] [JBoss JIRA] (MODCLUSTER-714) support secret="secret" in AJP nodes
Jean-Frederic Clere (Jira)
issues at jboss.org
Sat Feb 29 09:47:00 EST 2020
[ https://issues.redhat.com/browse/MODCLUSTER-714?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jean-Frederic Clere updated MODCLUSTER-714:
-------------------------------------------
Summary: support secret="secret" in AJP nodes (was: support secret="scret" in AJP nodes)
> support secret="secret" in AJP nodes
> ------------------------------------
>
> Key: MODCLUSTER-714
> URL: https://issues.redhat.com/browse/MODCLUSTER-714
> Project: mod_cluster
> Issue Type: Bug
> Reporter: Jean-Frederic Clere
> Assignee: Radoslav Husar
> Priority: Major
>
> The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
> <Connector port = "8009"
> protocol = "AJP / 1.3"
> redirectPort = "8443"
> address = "YOUR_TOMCAT_IP_ADDRESS"
> requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
> Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
> That prevents use using the mitigation.
--
This message was sent by Atlassian Jira
(v7.13.8#713008)
More information about the mod_cluster-issues
mailing list