Hadoop Common / HADOOP-6441

Prevent remote CSS attacks in Hostname and UTF-7.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in HADOOP-6151.

      Description

      There are currently vulnerabilities for CSS in Hadoop's Web UI that allow CSS attacks.

        Attachments

        1. h-6441.patch
          2 kB
          Owen O'Malley
        2. h-6441.20.patch
          21 kB
          Owen O'Malley

            People

            • Assignee:
              owen.omalley Owen O'Malley
              Reporter:
              owen.omalley Owen O'Malley
