[
https://issues.apache.org/jira/browse/SPARK-18664?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
meiyoula updated SPARK-18664:
-----------------------------
Description:
This was flagged a while ago during a routine security scan(AWVS): the
HTTP-based Spark services respond to an HTTP OPTIONS command.
HTTP OPTIONS method is enabled on this web server. The OPTIONS method provides
a list of the methods that are supported by the web server, it represents a
request for information about the communication options available on the
request/response chain identified by the Request-URI.
The OPTIONS method may expose sensitive information that may help an malicious
user to prepare more advanced attacks.
was:This was flagged a while ago during a routine security scan(AWVS): the
HTTP-based Spark services respond to an HTTP OPTIONS command.
> Don't respond to HTTP OPTIONS in HTTP-based UIs
> -----------------------------------------------
>
> Key: SPARK-18664
> URL: https://issues.apache.org/jira/browse/SPARK-18664
> Project: Spark
> Issue Type: Improvement
> Components: Web UI
> Reporter: meiyoula
> Priority: Minor
>
> This was flagged a while ago during a routine security scan(AWVS): the
> HTTP-based Spark services respond to an HTTP OPTIONS command.
> HTTP OPTIONS method is enabled on this web server. The OPTIONS method
> provides a list of the methods that are supported by the web server, it
> represents a request for information about the communication options
> available on the request/response chain identified by the Request-URI.
> The OPTIONS method may expose sensitive information that may help an
> malicious user to prepare more advanced attacks.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@spark.apache.org
For additional commands, e-mail: issues-h...@spark.apache.org
