[ https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978890#comment-13978890 ]

ASF subversion and git services commented on ACCUMULO-2720:
-----------------------------------------------------------

Commit 9621701fd6d930952f82523b52c428dcf89a18dd in accumulo's branch 
refs/heads/1.6.0-SNAPSHOT from [~ctubbsii]
[ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=9621701 ]

ACCUMULO-2720 Address some HTTP response splitting

  URLEncode some parameters, and do some validation on redirects in the monitor
  to mitigate HTTP response splitting vulnerabilities identified by FindBugs.


> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.6.1, 1.7.0
>
>
> FindBugs rank 5 bugs found [HTTP response 
> splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting] 
> vulnerabilities in OperationServlet. FindBugs explicitly notes that it does 
> only minimal checking for these bugs, so if it finds them, there are almost 
> certainly more that it did not find. This ticket will fix those it found. Any 
> others will have to be found by another, more comprehensive tool.
> This takes us up through rank 6 findbugs validation in the build.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
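
The two mitigations the commit message names (URL-encoding request-derived parameters and validating redirect targets), shown as an added example that is not code from the Accumulo commit. The class name, method names and sample inputs are hypothetical, and it assumes Java 10+ for URLEncoder.encode(String, Charset).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;

// Illustrative helper; names are hypothetical, not taken from Accumulo.
public class RedirectGuard {

    // Encode a request-derived value before it goes into a redirect query string.
    // CR and LF become %0D and %0A, so they cannot end the Location header early.
    static String encodeParam(String value) {
        return URLEncoder.encode(value, StandardCharsets.UTF_8);
    }

    // Accept only a same-site, path-only redirect target; otherwise use the fallback.
    static String safeRedirect(String candidate, String fallback) {
        if (candidate == null || candidate.isEmpty()) return fallback;
        // Reject every control character, CR and LF included.
        for (int i = 0; i < candidate.length(); i++) {
            if (Character.isISOControl(candidate.charAt(i))) return fallback;
        }
        // Require one leading slash; "//host" and backslashes can leave the site.
        if (!candidate.startsWith("/") || candidate.startsWith("//")
                || candidate.contains("\\")) return fallback;
        try {
            URI uri = new URI(candidate);
            if (uri.isAbsolute() || uri.getRawAuthority() != null) return fallback;
            return uri.toASCIIString();
        } catch (URISyntaxException e) {
            return fallback; // unparseable target: do not redirect to it
        }
    }

    public static void main(String[] args) {
        // Constructed sample redirect targets.
        String[] targets = {
            "/tables?sort=name",        // kept as-is
            "/ok\r\nX-Test: 1",         // contains CRLF -> fallback
            "//other.example/x",        // scheme-relative -> fallback
            "https://other.example/"    // absolute URL -> fallback
        };
        for (String t : targets) {
            System.out.println(safeRedirect(t, "/"));
        }
        // Constructed parameter value containing CRLF; printed in encoded form.
        System.out.println("/op?table=" + encodeParam("t1\r\nX-Test: 1"));
    }
}
```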