[ 
https://issues.apache.org/jira/browse/HADOOP-7729?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16823754#comment-16823754
 ] 

Doris Gu commented on HADOOP-7729:
----------------------------------

h2. I used Nessus to scan my Hadoop and got the following report. I believe it 
has some relation to this issue. Any opinions? Thanks very much!
|11409 - ePolicy Orchestrator HTTP GET Request Remote Format String|tcp/50020|Critical|
|11801 - HTTP Method Remote Format String|tcp/50020|Critical|
|17231 - CERN httpd CGI Name Handling Remote Overflow|tcp/50020|High|
|12201 - Web Server HTTP Basic Authorization Header Remote Overflow DoS|tcp/50020|High|
|10320 - Web Server Long URL Handling Remote Overflow DoS|tcp/50020|High|
|11089 - IBM Tivoli SecureWay WebSEAL Proxy Policy Director Encoded URL DoS|tcp/50020|Medium|
|11063 - LabVIEW Web Server HTTP Get Newline DoS|tcp/50020|Medium|
|10160 - Nortel Contivity HTTP Server cgiproc Special Character DoS|tcp/50020|Medium|
| | | |
|11409 - ePolicy Orchestrator HTTP GET Request Remote Format String|tcp/8485|Critical|
|11065 - Web Server HTTP Method Handling Remote Overflow|tcp/8485|High|
|10496 - IMail Host: Header Field Handling Remote Overflow|tcp/8485|Medium|

> Send back valid HTTP response if user hits IPC port with HTTP GET
> -----------------------------------------------------------------
>
>                 Key: HADOOP-7729
>                 URL: https://issues.apache.org/jira/browse/HADOOP-7729
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: ipc
>    Affects Versions: 0.23.0
>            Reporter: Todd Lipcon
>            Assignee: Todd Lipcon
>            Priority: Major
>             Fix For: 2.0.0-alpha
>
>         Attachments: hadoop-7729.txt
>
>
> Often, I've seen users get confused between the IPC ports and HTTP ports for 
> a daemon. It would be easy for us to detect when an HTTP GET request hits an 
> IPC port, and instead of sending back garbage, we can send back a valid HTTP 
> response explaining their mistake.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
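
The check proposed in the issue description, sketched as an added example (this is not Hadoop's code or the attached patch): the listener looks at the first four bytes of a connection, answers a stray HTTP GET with a fixed HTTP response, and closes anything else without reflecting client bytes. The `hrpc` magic, the 404 status and the reply wording are assumptions of this sketch.

```python
import socket

RPC_MAGIC = b"hrpc"  # assumption: 4-byte magic that opens a Hadoop RPC connection
HTTP_REPLY = (       # constructed status and wording, not Hadoop's actual message
    b"HTTP/1.1 404 Not Found\r\nContent-Type: text/plain\r\n"
    b"Connection: close\r\n\r\n"
    b"It looks like you are making an HTTP request to an IPC port. "
    b"This is not the HTTP port for this daemon.\n"
)

def classify(preamble: bytes) -> str:
    """Label a connection by its first four bytes."""
    if preamble == RPC_MAGIC:
        return "rpc"
    if preamble == b"GET ":
        return "http_get"
    return "unknown"

def serve_connection(conn: socket.socket) -> str:
    """Read the preamble, answer a stray HTTP GET, never echo client bytes."""
    with conn:
        conn.settimeout(2.0)
        preamble = b""
        while len(preamble) < 4:
            chunk = conn.recv(4 - len(preamble))
            if not chunk:
                break
            preamble += chunk
        kind = classify(preamble)
        if kind == "http_get":
            conn.sendall(HTTP_REPLY)  # fixed bytes only, nothing from the request
        # "rpc": a real server would continue the RPC handshake here.
        # "unknown": close silently so no client-controlled bytes are reflected.
        drained = 0
        while drained < 8192 and (chunk := conn.recv(4096)):
            drained += len(chunk)  # discard the rest of the request before closing
        return kind

def probe(payload: bytes):
    """Send payload over an in-process socket pair; return (classification, reply)."""
    client, server = socket.socketpair()
    with client:
        client.sendall(payload)
        client.shutdown(socket.SHUT_WR)
        kind = serve_connection(server)
        reply = b"".join(iter(lambda: client.recv(4096), b""))
        return kind, reply
```
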
