Michael Segel created HDFS-7505:
------------------------------------

             Summary: Old hdfs .jsp pages need to be removed due to a security risk
                 Key: HDFS-7505
                 URL: https://issues.apache.org/jira/browse/HDFS-7505
             Project: Hadoop HDFS
          Issue Type: Bug
    Affects Versions: 2.4.1, 2.4.0
            Reporter: Michael Segel
            Priority: Critical

During a penetration test, by manually entering the URL for the dfshealth.jsp, it's possible to circumvent security on the cluster. The issue was found in Hortonworks 2.1 but it is believed to exist in all of the Apache-based distributions.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)