Uploaded image for project: 'Hadoop YARN'
  1. Hadoop YARN
  2. YARN-6352

Header injections are possible in application proxy servlet

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.8.0, 2.7.3
    • Fix Version/s: 2.9.0, 2.8.2
    • Component/s: resourcemanager, security
    • Labels:
      None
    • Target Version/s:
    • Hadoop Flags:
      Reviewed

      Description

      This issue was found in WVS security tool.

        Attachments

        1. headerInjection.png
          136 kB
          Naganarasimha G R
        2. YARN-6352.001.patch
          2 kB
          Naganarasimha G R
        3. YARN-6352-branch-2.002.patch
          4 kB
          Naganarasimha G R
        4. YARN-6352-branch-2.003.patch
          4 kB
          Naganarasimha G R

          Activity

            People

            • Assignee:
              Naganarasimha Naganarasimha G R
              Reporter:
              Naganarasimha Naganarasimha G R
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: