[ https://issues.apache.org/jira/browse/HADOOP-13299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15343261#comment-15343261 ]

Haibo Chen commented on HADOOP-13299:
-------------------------------------

Hi [~steve_l], there is no specific CVE here. This was found in a network scan.
Is there any component relying on TRACE? If not, we can disable it just in
case, which is exactly what the patch is doing.
If this needs to be discussed on the security mailing list first, I can start a
discussion there.

> JMXJsonServlet is vulnerable to TRACE 
> --------------------------------------
>
>                 Key: HADOOP-13299
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13299
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Haibo Chen
>            Assignee: Haibo Chen
>            Priority: Minor
>         Attachments: hadoop13299.001.patch
>
>
> Nessus scan shows that JMXJsonServlet is vulnerable to TRACE/TRACK requests.
> We could disable this to avoid such a vulnerability.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
