[
https://issues.apache.org/jira/browse/HBASE-19741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319325#comment-16319325
]
Ruslan Dautkhanov commented on HBASE-19741:
-------------------------------------------
Thank you [~esteban]. Our security scanner shows HBase Thrift service is
vulnerable to CVE-2010-0386, CVE-2009-2823, CVE-2008-7253, CVE-2007-3008,
CVE-2006-4683, CVE-2005-3398, CVE-2004-2763, CVE-2004-2320 because of this
problem.
> Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server
> --------------------------------------------------------------------
>
> Key: HBASE-19741
> URL: https://issues.apache.org/jira/browse/HBASE-19741
> Project: HBase
> Issue Type: Bug
> Reporter: Esteban Gutierrez
> Priority: Minor
>
> Our thrift server is prone to the same CSRF issue described in HBASE-15187.
> Even it only affects browsers it triggers a positive match in some
> venerability scanners even there is no real impact. We should correct our
> headers in the HBase Thrift server to avoid that problem.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
