[jira] [Commented] (HADOOP-13299) JMXJsonServlet is vulnerable to TRACE

Hudson (JIRA) Tue, 09 Aug 2016 14:01:52 -0700

    [ 
https://issues.apache.org/jira/browse/HADOOP-13299?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15414231#comment-15414231
 ]


Hudson commented on HADOOP-13299:
---------------------------------

SUCCESS: Integrated in Hadoop-trunk-Commit #10248 (See 
[https://builds.apache.org/job/Hadoop-trunk-Commit/10248/])
HADOOP-13299. JMXJsonServlet is vulnerable to TRACE. (Haibo Chen via (kasha: 
rev 85422bb7c5d3e70a49f620ba1c8800e0ba4b64f2)
* 
hadoop-common-project/hadoop-common/src/test/java/org/apache/hadoop/jmx/TestJMXJsonServlet.java
* 
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/jmx/JMXJsonServlet.java


> JMXJsonServlet is vulnerable to TRACE 
> --------------------------------------
>
>                 Key: HADOOP-13299
>                 URL: https://issues.apache.org/jira/browse/HADOOP-13299
>             Project: Hadoop Common
>          Issue Type: Bug
>            Reporter: Haibo Chen
>            Assignee: Haibo Chen
>            Priority: Minor
>             Fix For: 2.8.0
>
>         Attachments: hadoop13299.001.patch
>
>
> Nessus scan shows that JMXJsonServlet is vulnerable to TRACE/TRACK requests.  
> We could disable this to avoid such vulnerability.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-13299) JMXJsonServlet is vulnerable to TRACE

Reply via email to