Uploaded image for project: 'Hadoop HDFS'
  1. Hadoop HDFS
  2. HDFS-7505

Old hdfs .jsp pages need to be removed due to a security risk

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Critical
    • Resolution: Duplicate
    • 2.4.0, 2.4.1
    • None
    • None
    • None

    Description

      During a penetration test, by manually entering the URL for the dfshealth.jsp, its possible to circumvent security on the cluster.

      The issue was found in Hortonworks 2.1 but it is believed to exist in all of the Apache based distributions.

      Attachments

        Issue Links

          duplicates

          Improvement - An improvement or enhancement to an existing feature or task. HDFS-6252 Phase out the old web UI in HDFS

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Activity

            People

              Unassigned Unassigned
              msegel Michael Segel
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: