Hi!

I guess you should forward that information to GridGain, as the Web Console is not part of Apache Ignite.

Mikael

On 2019-12-10 at 13:10, Prasad Bhalerao wrote:
Hi,

We found 3 vulnerabilities while scanning the GridGain Web Console application.

We are using HTTP and not HTTPS due to some issues on our side. Although the vulnerabilities are of lower severity, we thought of reporting them here.

1) HTTP TRACE / TRACK Methods Enabled. (CVE-2004-2320 <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2010-0386 <https://nvd.nist.gov/vuln/detail/CVE-2010-0386>, CVE-2003-1567 <https://nvd.nist.gov/vuln/detail/CVE-2003-1567>)
2) Session Cookie Does Not Contain the "Secure" Attribute.
3) Web Server HTTP Trace/Track Method Support Cross-Site Tracing Vulnerability. (CVE-2004-2320 <https://nvd.nist.gov/vuln/detail/CVE-2004-2320>, CVE-2007-3008 <https://nvd.nist.gov/vuln/detail/CVE-2007-3008>)

Can these be fixed?

Thanks,
Prasad


On Tue, Dec 10, 2019 at 4:39 PM Denis Magda <[email protected]> wrote:

    It's free software without limitations. Just download and use it.

    -
    Denis


    On Tue, Dec 10, 2019 at 1:21 PM Prasad Bhalerao <[email protected]> wrote:

        Hi,

        Can Apache Ignite users use it for free in their production
        environments?
        What license does it fall under?

        Thanks,
        Prasad

        On Fri, Oct 4, 2019 at 5:33 AM Denis Magda <[email protected]> wrote:

            Igniters,

            There is good news. GridGain made its distribution of Web Console
            completely free. It goes with advanced monitoring and management
            dashboard and other handy screens. More details are here:
            https://www.gridgain.com/resources/blog/gridgain-road-simplicity-new-docs-and-free-tools-apache-ignite

            -
            Denis
