This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 9.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/9.0.x by this push: new eaafd28296 EncryptInterceptor only provides partial protection on untrusted network eaafd28296 is described below commit eaafd28296c54d983e28a47953c1f5cb2c334f48 Author: Mark Thomas <ma...@apache.org> AuthorDate: Tue May 10 17:59:05 2022 +0100 EncryptInterceptor only provides partial protection on untrusted network This is CVE-2022-29885 --- webapps/docs/changelog.xml | 6 ++++++ webapps/docs/cluster-howto.xml | 6 +++++- webapps/docs/config/cluster.xml | 6 +++++- webapps/docs/security-howto.xml | 8 +++++--- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml index 85f9ed8f6c..f64f181e65 100644 --- a/webapps/docs/changelog.xml +++ b/webapps/docs/changelog.xml @@ -183,6 +183,12 @@ recommendation for the use the <code>trimSpaces</code> option for Jasper in production environments. (markt) </fix> + <fix> + Update the documentation web application to state that the + <code>EncryptInterceptor</code> does not provide sufficient protection + to run Tomcat clustering over an untrusted network. This is + CVE-2022-29885. (markt) + </fix> </changelog> </subsection> <subsection name="Other"> diff --git a/webapps/docs/cluster-howto.xml b/webapps/docs/cluster-howto.xml index 076ef93e3a..2edaf71d35 100644 --- a/webapps/docs/cluster-howto.xml +++ b/webapps/docs/cluster-howto.xml @@ -127,9 +127,13 @@ Tomcat cluster. These include:</p> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> - <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Cluster Basics"> diff --git a/webapps/docs/config/cluster.xml b/webapps/docs/config/cluster.xml index 0535b4a4d4..03dbf4b693 100644 --- a/webapps/docs/config/cluster.xml +++ b/webapps/docs/config/cluster.xml @@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p> <p>There are many options for providing a secure, trusted network for use by a Tomcat cluster. These include:</p> <ul> - <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li> <li>private LAN</li> <li>a Virtual Private Network (VPN)</li> <li>IPSEC</li> </ul> +<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> +provides confidentiality and integrity protection but it does not protect +against all risks associated with running a Tomcat cluster on an untrusted +network, particularly DoS attacks.</p> + </section> <section name="Engine vs Host placement"> <p> diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml index 566a62233c..3ef294dbce 100644 --- a/webapps/docs/security-howto.xml +++ b/webapps/docs/security-howto.xml @@ -469,10 +469,12 @@ trusted network is used for all of the cluster related network traffic. It is not safe to run a cluster on a insecure, untrusted network.</p> - <p>If you are operating on an untrusted network or would prefer to - exercise an over-abundance of caution, you can use the + <p>If you require confidentiality and/or integrity protection then you can + use the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a> - to encrypt traffic between nodes.</p> + to encrypt traffic between nodes. This interceptor does not protect + against all the risks of running on an untrusted network, particularly + DoS attacks.</p> </subsection> </section> --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org