EncryptInterceptor only provides partial protection on untrusted network · apache/tomcat@36826ea · GitHub
Skip to content

Commit

Permalink
EncryptInterceptor only provides partial protection on untrusted network
Browse files Browse the repository at this point in the history
  • Loading branch information
markt-asf committed May 10, 2022
1 parent 0b898bf commit 36826ea
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 5 deletions.
6 changes: 6 additions & 0 deletions webapps/docs/changelog.xml
Original file line number Diff line number Diff line change
Expand Up @@ -191,6 +191,12 @@
recommendation for the use the <code>trimSpaces</code> option for Jasper
in production environments. (markt)
</fix>
<fix>
Update the documentation web application to state that the
<code>EncryptInterceptor</code> does not provide sufficient protection
to run Tomcat clustering over an untrusted network. This is
CVE-2022-29885. (markt)
</fix>
</changelog>
</subsection>
<subsection name="Other">
Expand Down
6 changes: 5 additions & 1 deletion webapps/docs/cluster-howto.xml
Original file line number Diff line number Diff line change
Expand Up @@ -127,9 +127,13 @@ Tomcat cluster. These include:</p>
<li>private LAN</li>
<li>a Virtual Private Network (VPN)</li>
<li>IPSEC</li>
<li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
</ul>

<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
provides confidentiality and integrity protection but it does not protect
against all risks associated with running a Tomcat cluster on an untrusted
network, particularly DoS attacks.</p>

</section>

<section name="Cluster Basics">
Expand Down
6 changes: 5 additions & 1 deletion webapps/docs/config/cluster.xml
Original file line number Diff line number Diff line change
Expand Up @@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p>
<p>There are many options for providing a secure, trusted network for use by a
Tomcat cluster. These include:</p>
<ul>
<li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
<li>private LAN</li>
<li>a Virtual Private Network (VPN)</li>
<li>IPSEC</li>
</ul>

<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
provides confidentiality and integrity protection but it does not protect
against all risks associated with running a Tomcat cluster on an untrusted
network, particularly DoS attacks.</p>

</section>
<section name="Engine vs Host placement">
<p>
Expand Down
8 changes: 5 additions & 3 deletions webapps/docs/security-howto.xml
Original file line number Diff line number Diff line change
Expand Up @@ -477,10 +477,12 @@
trusted network is used for all of the cluster related network traffic. It
is not safe to run a cluster on a insecure, untrusted network.</p>

<p>If you are operating on an untrusted network or would prefer to
exercise an over-abundance of caution, you can use the
<p>If you require confidentiality and/or integrity protection then you can
use the
<a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
to encrypt traffic between nodes.</p>
to encrypt traffic between nodes. This interceptor does not protect
against all the risks of running on an untrusted network, particularly
DoS attacks.</p>
</subsection>
</section>

Expand Down

0 comments on commit 36826ea

Please sign in to comment.