Skip to content

The AJP Connector is configured with secretRequired=“true” but the secret attribute is either null or “” after upgrade to 2.2.5 #20377

@manjunathkadrolli

Description

@manjunathkadrolli

Application fails to start with the below error. This happened after the upgrade from 2.1.9 to 2.2.5 and had to do this to avoid the Ghostcat vulnerability .

Caused by: java.lang.IllegalArgumentException: The AJP Connector is configured with secretRequired="true" but the secret attribute is either null or "". This combination is not valid. at org.apache.coyote.ajp.AbstractAjpProtocol.start(AbstractAjpProtocol.java:264) at org.apache.catalina.connector.Connector.startInternal(Connector.java:1035) ... 22 common frames omitted

reference : https://dev.lucee.org/t/tomcat-cve-2020-1938-ghostcat-ajp/6650/4

Metadata

Metadata

Assignees

No one assigned

    Labels

    status: invalidAn issue that we don't feel is valid

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions