Uploaded image for project: 'mod_cluster'
  1. mod_cluster
  2. MODCLUSTER-714

support secret="secret" in AJP nodes

    XMLWordPrintable

Details

    Description

      The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
      <Connector port = "8009"
      protocol = "AJP / 1.3"
      redirectPort = "8443"
      address = "YOUR_TOMCAT_IP_ADDRESS"
      requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
      Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
      That prevents use using the mitigation.

      Attachments

        Issue Links

          incorporates

          Bug - A problem that impairs or prevents the functions of the product. JBCS-930 support secret="secret" in AJP nodes

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Closed

          Activity

            People

              rhn-engineering-jclere Jean-Frederic Clere
              rhn-engineering-jclere Jean-Frederic Clere
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: