Uploaded image for project: 'mod_cluster'
  1. mod_cluster
  2. MODCLUSTER-714

support secret="secret" in AJP nodes

    XMLWordPrintable

    Details

      Description

      The CVE-2020-1938 "mitigation" forces the use of a secret between httpd and the back-end.
      <Connector port = "8009"
      protocol = "AJP / 1.3"
      redirectPort = "8443"
      address = "YOUR_TOMCAT_IP_ADDRESS"
      requiredSecret = "YOUR_TOMCAT_AJP_SECRET" />
      Actually secret="secret" is support in mod_proxy_ajp but not in mod_cluster.
      That prevents use using the mitigation.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rhn-engineering-jclere Jean-Frederic Clere
              Reporter:
              rhn-engineering-jclere Jean-Frederic Clere
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: