Author: markt
Date: Tue Aug 27 15:59:06 2024
New Revision: 1920229
URL: http://svn.apache.org/viewvc?rev=1920229&view=rev
Log:
Update after review from schultz - only small parts of AJP are trusted
Modified:
tomcat/site/trunk/docs/security-model.html
tomcat/site/trunk/xdocs/security-model.xml
Modified: tomcat/site/trunk/docs/security-model.html
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/docs/security-model.html?rev=1920229&r1=1920228&r2=1920229&view=diff
==============================================================================
--- tomcat/site/trunk/docs/security-model.html (original)
+++ tomcat/site/trunk/docs/security-model.html Tue Aug 27 15:59:06 2024
@@ -13,7 +13,13 @@
<li>Vulnerabilities in deployed web applications are application
vulnerabilities, not Tomcat vulnerabilities.</li>
<li>Data received by an HTTP connector is untrusted.</li>
- <li>Data received by an AJP connector is trusted.</li>
+ <li>Data received by an AJP connector is untrusted apart from:
+ <ul>
+ <li>The standard request attributes and any arbitrary request
+ attributes permitted by
+ <code>allowedRequestAttributesPattern</code></li>
+ </ul>
+ </li>
<li>JMX is an administrative interface and users with access to it are
trusted.</li>
<li>The Manager and Host manager web applications are administrative
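Review bot: the new sub-item names `allowedRequestAttributesPattern` and "the standard request attributes" without saying where either is defined; since this is the security model page rather than the connector reference, a link or a pointer to the AJP connector documentation for `allowedRequestAttributesPattern`, and a short statement of which attributes count as "standard", would stop readers guessing which attributes fall on the trusted side of the line. The hunk also does not state the condition under which even these attributes are trusted; if the trust is conditional on how the AJP connector is deployed, the item should say so, e.g. "... apart from the following, which are trusted:" followed by the qualification.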
Modified: tomcat/site/trunk/xdocs/security-model.xml
URL:
http://svn.apache.org/viewvc/tomcat/site/trunk/xdocs/security-model.xml?rev=1920229&r1=1920228&r2=1920229&view=diff
==============================================================================
--- tomcat/site/trunk/xdocs/security-model.xml (original)
+++ tomcat/site/trunk/xdocs/security-model.xml Tue Aug 27 15:59:06 2024
@@ -21,7 +21,13 @@
<li>Vulnerabilities in deployed web applications are application
vulnerabilities, not Tomcat vulnerabilities.</li>
<li>Data received by an HTTP connector is untrusted.</li>
- <li>Data received by an AJP connector is trusted.</li>
+ <li>Data received by an AJP connector is untrusted apart from:
+ <ul>
+ <li>The standard request attributes and any arbitrary request
+ attributes permitted by
+ <code>allowedRequestAttributesPattern</code></li>
+ </ul>
+ </li>
<li>JMX is an administrative interface and users with access to it are
trusted.</li>
<li>The Manager and Host manager web applications are administrative
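Review bot: this xdocs change matches the generated `docs/security-model.html` hunk line for line, so the source and generated copy are in sync. As a style point, the nested `<ul>` holds a single `<li>`, so the exception could be folded into the parent item ("... is untrusted apart from the standard request attributes and any arbitrary request attributes permitted by `<code>allowedRequestAttributesPattern</code>`.") unless further exceptions are expected to be listed later.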