SUSE recommends all its customers to keep their system up-to-date and apply this security patch.

This is currently not yet available in apache2 mod_proxy_ajp for SUSE Linux Enterprise, but will be delivered soon.

ProxyPass / ajp://localhost:8009/ secret=YOUR_TOMCAT_AJP_SECRET

Specifically, in the mod_proxy_ajp configuration use in the ProxyPass line:

Failing to do so will revert the vulnerability.

Additionally, this secret should also be set in mod_proxy_ajp configuration, if it is in use.

Note that packages provided by SUSE currently do not enforce the secret usage for compatibility reasons, regardless, please use a secret when you re-enable the AJP connector.

Please adjust the string YOUR_TOMCAT_AJP_SECRET above to reflect your own secure secret.

This can be done similarly to the following :

Removing the html comment tags will enable it, but by doing so make sure that a 'secret' key is specified.

Inside this file the following section will be commented out :

On SLES servers this configuration is usually located in /etc/tomcat/server.xml

If this Connector is being used in a proxy configuration, configure this attribute to specify the server name to be returned for.

Please note that this update may break some functionality since the AJP connector will be disabled by default. Customers who still desire to use the AJP connector, would need to enable this and set a 'secret' inside the configuration file.

compressibleMimeType: The value is a comma separated list of MIME types for which HTTP compression may be used.

If not specified, the default provider will be used.
SUSE Linux Enterprise Server 11 Service Pack 4 LTSS

For example it is used with the AJP connectors, the HTTP APR connector and with the .SSLValve.

SUSE Linux Enterprise Server 12 Service Pack 3 LTSS

Also, a patch for Tomcat version 6.0.53 has been provided in:

SUSE Linux Enterprise Server 12 Service Pack 2 LTSS
SUSE Linux Enterprise Server 12 Service Pack 1 LTSS
SUSE Linux Enterprise Server 12 Service Pack 5

Additionally, a patch for Tomcat version 8.0.53 is already shipped in:

SUSE Linux Enterprise Server 12 Service Pack 4
SUSE Linux Enterprise Server 15 Service Pack 1

SUSE has already shipped the upgraded version 9.0.31 of Tomcat in:

This parameter is available in Apache HTTP Server 2.4.

At the same time instructions to mitigate the issue have been published for other versions.

Options such as the secret option of Tomcat (required by default since Tomcat 8.5.51 and 9.0.31) can just be added as a separate parameter at the end of ProxyPass or BalancerMember.