You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ma...@apache.org on 2022/05/10 16:59:24 UTC

[tomcat] branch 10.0.x updated: EncryptInterceptor only provides partial protection on untrusted network

This is an automated email from the ASF dual-hosted git repository.

markt pushed a commit to branch 10.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git


The following commit(s) were added to refs/heads/10.0.x by this push:
     new 36826ea638 EncryptInterceptor only provides partial protection on untrusted network
36826ea638 is described below

commit 36826ea638457d7e17876a70f89cb435b6db0d91
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue May 10 17:59:05 2022 +0100

    EncryptInterceptor only provides partial protection on untrusted network
    
    This is CVE-2022-29885
---
 webapps/docs/changelog.xml      | 6 ++++++
 webapps/docs/cluster-howto.xml  | 6 +++++-
 webapps/docs/config/cluster.xml | 6 +++++-
 webapps/docs/security-howto.xml | 8 +++++---
 4 files changed, 21 insertions(+), 5 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index cb9050b243..a6e153b3ed 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -191,6 +191,12 @@
         recommendation for the use the <code>trimSpaces</code> option for Jasper
         in production environments. (markt)
       </fix>
+      <fix>
+        Update the documentation web application to state that the
+        <code>EncryptInterceptor</code> does not provide sufficient protection
+        to run Tomcat clustering over an untrusted network. This is
+        CVE-2022-29885. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Other">
diff --git a/webapps/docs/cluster-howto.xml b/webapps/docs/cluster-howto.xml
index 076ef93e3a..2edaf71d35 100644
--- a/webapps/docs/cluster-howto.xml
+++ b/webapps/docs/cluster-howto.xml
@@ -127,9 +127,13 @@ Tomcat cluster. These include:</p>
   <li>private LAN</li>
   <li>a Virtual Private Network (VPN)</li>
   <li>IPSEC</li>
-  <li>Encrypt cluster traffic using the <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
 </ul>
 
+<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
+provides confidentiality and integrity protection but it does not protect
+against all risks associated with running a Tomcat cluster on an untrusted
+network, particularly DoS attacks.</p>
+
 </section>
 
 <section name="Cluster Basics">
diff --git a/webapps/docs/config/cluster.xml b/webapps/docs/config/cluster.xml
index 0535b4a4d4..03dbf4b693 100644
--- a/webapps/docs/config/cluster.xml
+++ b/webapps/docs/config/cluster.xml
@@ -52,12 +52,16 @@ to run a cluster on a insecure, untrusted network.</p>
 <p>There are many options for providing a secure, trusted network for use by a
 Tomcat cluster. These include:</p>
 <ul>
-  <li><a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a></li>
   <li>private LAN</li>
   <li>a Virtual Private Network (VPN)</li>
   <li>IPSEC</li>
 </ul>
 
+<p>The <a href="cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
+provides confidentiality and integrity protection but it does not protect
+against all risks associated with running a Tomcat cluster on an untrusted
+network, particularly DoS attacks.</p>
+
 </section>
 <section name="Engine vs Host placement">
   <p>
diff --git a/webapps/docs/security-howto.xml b/webapps/docs/security-howto.xml
index bd60acb4c2..c437558f11 100644
--- a/webapps/docs/security-howto.xml
+++ b/webapps/docs/security-howto.xml
@@ -477,10 +477,12 @@
       trusted network is used for all of the cluster related network traffic. It
       is not safe to run a cluster on a insecure, untrusted network.</p>
 
-      <p>If you are operating on an untrusted network or would prefer to
-      exercise an over-abundance of caution, you can use the
+      <p>If you require confidentiality and/or integrity protection then you can
+      use the
       <a href="config/cluster-interceptor.html#org.apache.catalina.tribes.group.interceptors.EncryptInterceptor_Attributes">EncryptInterceptor</a>
-      to encrypt traffic between nodes.</p>
+      to encrypt traffic between nodes. This interceptor does not protect
+      against all the risks of running on an untrusted network, particularly
+      DoS attacks.</p>
     </subsection>
   </section>
 


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org