e that it was creating a ServerSocket without InetAddress, i.e. bind
on 0.0.0.0, i.e. on all network interfaces.
If you use address="0.0.0.0" it will return the old behavior.
You may want to add some firewall rules to define who can reach the AJP
port and on which interfaces. Unless
r. How about "*" to get back the old behavior?
Regards
J
> Gesendet: Donnerstag, 05. März 2020 um 09:34 Uhr
> Von: "Mark Thomas"
> An: users@tomcat.apache.org
> Betreff: Re: Aw: Re: Fix for CVE-2020-1938
> On 05/03/2020 07:12, "Jürgen Gör
On 05/03/2020 07:12, "Jürgen Göres" wrote:
>>> My first question is: what value do I need to set in the "address"
>>> attribute to indicate that I want the connector to listen on ALL interfaces
>>> (for IPv4 AND IPv6)? Maybe that should be documented. :-)
>>
>> It will vary by system. Some syste
Am 05.03.2020 08:12, schrieb Jürgen Göres:
Ghostcat is the name of a malware strain that has been around since at
least October last year. When referencing vulnerabilities it is best
to
stick to the CVE reference since they should be unique (and if
something
goes wrong and they aren't there ar
>
>Ghostcat is the name of a malware strain that has been around since at
>least October last year. When referencing vulnerabilities it is best to
>stick to the CVE reference since they should be unique (and if something
>goes wrong and they aren't there are procedures to get them re-issued so
>the
I assume from context that you mean CVE-2020-1938.
Ghostcat is the name of a malware strain that has been around since at
least October last year. When referencing vulnerabilities it is best to
stick to the CVE reference since they should be unique (and if something
goes wrong and they aren't ther