This is an automated email from the ASF dual-hosted git repository.
markt pushed a commit to branch 8.5.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/8.5.x by this push:
new b679bc627f EncryptInterceptor only provides partial protection on
untrusted network
b679bc627f is described below
commit b679bc627f5a4ea6510af95adfb7476b07eba890
Author: Mark Thomas <[email protected]>
AuthorDate: Tue May 10 17:59:05 2022 +0100
EncryptInterceptor only provides partial protection on untrusted network
This is CVE-2022-29885
---
webapps/docs/changelog.xml | 6 ++++++
webapps/docs/cluster-howto.xml | 6 +++++-
webapps/docs/config/cluster.xml | 6 +++++-
webapps/docs/security-howto.xml | 8 +++++---
4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 2e5194e254..5a277c3084 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -183,6 +183,12 @@
recommendation for the use the <code>trimSpaces</code> option for
Jasper
in production environments. (markt)
</fix>
+ <fix>
+ Update the documentation web application to state that the
+ <code>EncryptInterceptor</code> does not provide sufficient protection
+ to run Tomcat clustering over an untrusted network. This is
+ CVE-2022-29885. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Other">
diff --git a/webapps/docs/cluster-howto.xml b/webapps/docs/cluster-howto.xml
index 076ef93e3a..2edaf71d35 100644
--- a/webapps/docs/cluster-howto.xml
+++ b/webapps/docs/cluster-howto.xml
@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p>
<li>private LAN</li>
<li>a Virtual Private Network (VPN)</li>
<li>IPSEC</li>
- <li>Encrypt cluster traffic using the <a
href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
</ul>
+<p>The <a
href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
+provides confidentiality and integrity protection but it does not protect
+against all risks associated with running a Tomcat cluster on an untrusted
+network, particularly DoS attacks.</p>
+
</section>
<section name="Cluster Basics">
diff --git a/webapps/docs/config/cluster.xml b/webapps/docs/config/cluster.xml
index 9211edd972..21d0fe5f47 100644
--- a/webapps/docs/config/cluster.xml
+++ b/webapps/docs/config/cluster.xml
@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p>
<p>There are many options for providing a secure, trusted network for use by a
Tomcat cluster. These include:</p>
<ul>
- <li><a
href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
<li>private LAN</li>
<li>a Virtual Private Network (VPN)</li>
<li>IPSEC</li>
</ul>
+<p>The <a
href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
+provides confidentiality and integrity protection but it does not protect
+against all risks associated with running a Tomcat cluster on an untrusted
+network, particularly DoS attacks.</p>
+
</section>
<section name="Engine vs Host placement">
<p>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index 046a2ecc70..b0278e40cf 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -469,10 +469,12 @@
trusted network is used for all of the cluster related network traffic.
It
is not safe to run a cluster on a insecure, untrusted network.</p>
- <p>If you are operating on an untrusted network or would prefer to
- exercise an over-abundance of caution, you can use the
+ <p>If you require confidentiality and/or integrity protection then you
can
+ use the
<a
href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
- to encrypt traffic between nodes.</p>
+ to encrypt traffic between nodes. This interceptor does not protect
+ against all the risks of running on an untrusted network, particularly
+ DoS attacks.</p>
</subsection>
</section>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
