Hadoop Common
  1. Hadoop Common
  2. HADOOP-6441

Prevent remote CSS attacks in Hostname and UTF-7.

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.21.0
    • Component/s: security
    • Labels:
      None
    • Hadoop Flags:
      Reviewed
    • Release Note:
      Hide
      Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in HADOOP-6151.
      Show
      Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in HADOOP-6151 .

      Description

      There are currently vulnerabilities for CSS in Hadoop's Web UI that allow CSS attacks.

      1. h-6441.patch
        2 kB
        Owen O'Malley
      2. h-6441.20.patch
        21 kB
        Owen O'Malley

        Activity

          People

          • Assignee:
            Owen O'Malley
            Reporter:
            Owen O'Malley
          • Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development