[HADOOP-6441] Prevent remote CSS attacks in Hostname and UTF-7. - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.21.0
Component/s: security
Labels:
None

Hadoop Flags:

Reviewed
Release Note:

Hide
Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in ~~HADOOP-6151~~.

Show
Quotes the characters coming out of getRequestUrl and getServerName in HttpServer.java as per the specification in HADOOP-6151 .

Description

There are currently vulnerabilities for CSS in Hadoop's Web UI that allow CSS attacks.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

h-6441.20.patch
16/Dec/09 05:56
21 kB
Owen O'Malley
h-6441.patch
15/Dec/09 08:27
2 kB
Owen O'Malley

Activity

People

Assignee:: Owen O'Malley

Reporter:: Owen O'Malley

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 14/Dec/09 22:33

Updated:: 24/Aug/10 20:41

Resolved:: 16/Dec/09 07:01