accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (ACCUMULO-2720) [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
Date Wed, 23 Apr 2014 21:12:15 GMT

     [ https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Christopher Tubbs resolved ACCUMULO-2720.
-----------------------------------------

       Resolution: Fixed
    Fix Version/s:     (was: 1.6.1)
                       (was: 1.7.0)
                   1.6.0

> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.6.0
>
>
> FindBugs rank 5 bugs found [HTTP response splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting]
vulnerabilities in OperationServlet. FindBugs explicitly notes that it does only minimal checking
for these bugs, so if it finds them, there are almost certainly more that it did not find.
This ticket will fix those it found. Any others will have to be found by another, more comprehensive
tool.
> This takes us up through rank 6 findbugs validation in the build.



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message