![]() SUSE recommends all its customers to keep their system up-to-date and apply this security patch. ![]() This is currently not yet available in apache2 mod_proxy_ajp for SUSE Linux Enterprise, but will be delivered soon. ProxyPass / ajp://localhost:8009/ secret=YOUR_TOMCAT_AJP_SECRET Specifically, in the mod_proxy_ajp configuration use in the ProxyPass line: The AJP Connector element represents a Connector component that communicates with a web connector via the AJP protocol. Failing to do so will revert the vulnerability.Īdditionally, this secret should also be set in mod_proxy_ajp configuration, if it is in use. Note: The APR/Native AJP Connector is deprecated and will be removed in Tomcat 10.1.x onwards. Note that packages provided by SUSE currently do not enforce the secret usage for compatibility reasons, regardless, please use a secret when you re-enable the AJP connector. Please adjust the string YOUR_TOMCAT_AJP_SECRET above to reflect your own secure secret. This can be done similarly to the following : Removing the html comment tags will enable it, but by doing so make sure that a 'secret' key is specified. Inside this file the following section will be commented out : On SLES servers this configuration is usually located in /etc/tomcat/server.xml Please note that this update may break some functionality since the AJP connector will be disabled by default. Customers who still desire to use the AJP connector, would need to enable this and set a 'secret' inside the configuration file.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |