[ https://issues.apache.org/jira/browse/HADOOP-13299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15414231#comment-15414231 ]
Hudson commented on HADOOP-13299: --------------------------------- SUCCESS: Integrated in Hadoop-trunk-Commit #10248 (See [https://builds.apache.org/job/Hadoop-trunk-Commit/10248/]) HADOOP-13299. JMXJsonServlet is vulnerable to TRACE. (Haibo Chen via (kasha: rev 85422bb7c5d3e70a49f620ba1c8800e0ba4b64f2) * hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/jmx/TestJMXJsonServlet.java * hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java > JMXJsonServlet is vulnerable to TRACE > -------------------------------------- > > Key: HADOOP-13299 > URL: https://issues.apache.org/jira/browse/HADOOP-13299 > Project: Hadoop Common > Issue Type: Bug > Reporter: Haibo Chen > Assignee: Haibo Chen > Priority: Minor > Fix For: 2.8.0 > > Attachments: hadoop13299.001.patch > > > Nessus scan shows that JMXJsonServlet is vulnerable to TRACE/TRACK requests. > We could disable this to avoid such vulnerability. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org