'TCAT-AS-000860 - Clusters must operate on a trusted network.' (Vuln ID: V-222974)

Article ID: 224378

Products

CA Spectrum

Issue/Introduction

Does DX NetOps Spectrum use a Tomcat cluster?

Operating a Tomcat cluster on an untrusted network creates potential for unauthorized persons to view or manipulate cluster session traffic. When operating a Tomcat cluster, care must be taken to isolate the cluster traffic from untrusted sources. Options include using a private VLAN, a VPN, or an IPsec tunnel, or encrypting cluster traffic with the EncryptInterceptor. The EncryptInterceptor adds encryption to the channel messages carrying session data between Tomcat cluster nodes.

Place the <Cluster> element inside either the <Engine> container or the <Host> container.

Placing it in the engine means supporting clustering in all virtual hosts of Tomcat and sharing the messaging component. When the user places the <Cluster> inside the <Engine> element, the cluster will append the host name of each session manager to the manager's name so that two contexts with the same name (but sitting inside two different hosts) will be distinguishable.
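To confirm whether a given server.xml is in scope for this finding, the check below parses the file and reports every active <Cluster> under <Engine> or <Host>, and whether its channel carries an EncryptInterceptor. It is an added example, not Broadcom or Apache code. The function names, the verdict strings and the three sample documents are constructed for illustration, and the encryptionKey value is a placeholder.

```python
import xml.etree.ElementTree as ET

ENCRYPT = "org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"

# Constructed samples. STOCK has the <Cluster> element commented out.
STOCK = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <!-- <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster"/> -->
  <Host name="localhost" appBase="webapps"/>
</Engine></Service></Server>"""
# Same file with the comment markers removed: an active, unencrypted cluster.
PLAIN = STOCK.replace("<!-- ", "").replace(" -->", "")
ENCRYPTED = """<Server><Service name="Catalina"><Engine name="Catalina" defaultHost="localhost">
  <Host name="localhost" appBase="webapps">
    <Cluster className="org.apache.catalina.ha.tcp.SimpleTcpCluster">
      <Channel className="org.apache.catalina.tribes.group.GroupChannel">
        <Interceptor className="org.apache.catalina.tribes.group.interceptors.EncryptInterceptor"
                     encryptionKey="PLACEHOLDER_HEX_KEY"/>
      </Channel>
    </Cluster>
  </Host>
</Engine></Service></Server>"""

def audit_clusters(server_xml_text):
    """Return one finding per active <Cluster> placed in <Engine> or <Host>.

    ElementTree discards XML comments, so a commented-out <Cluster> is not
    reported; a plain text search for "<Cluster" would flag it.
    """
    findings = []
    for parent in ET.fromstring(server_xml_text).iter():
        if parent.tag not in ("Engine", "Host"):
            continue
        for cluster in parent.findall("Cluster"):
            # Encrypted only if the interceptor is present and has a key set.
            encrypted = any(i.get("className") == ENCRYPT and i.get("encryptionKey")
                            for i in cluster.iter("Interceptor"))
            findings.append({"container": parent.tag, "name": parent.get("name"),
                             "encrypted": encrypted})
    return findings

def verdict(findings):
    if not findings:
        return "no cluster configured"
    if all(f["encrypted"] for f in findings):
        return "cluster traffic encrypted"
    return "cluster without EncryptInterceptor: network isolation required"

if __name__ == "__main__":
    for label, doc in (("stock", STOCK), ("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(label, "->", verdict(audit_clusters(doc)))
```

To audit a real installation, pass the contents of its server.xml to `audit_clusters` in place of the samples.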

Environment

Release: 21.2

Resolution

DX NetOps Spectrum Tomcat does not have a Cluster configured out of the box.

21.2.2 default server.xml:
