accumulo-notifications mailing list archives

From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-2720) [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
Date Wed, 23 Apr 2014 22:10:16 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978993#comment-13978993 ]

Christopher Tubbs commented on ACCUMULO-2720:
---------------------------------------------

This bug is fixed at FindBugs rank 5 checks, but comes back at rank 7. I'm not really sure
it can be removed entirely, until the monitor is seriously refactored and we get rid of all
the server-side refresh stuff.

> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.6.0
>
>
> FindBugs rank 5 bugs found [HTTP response splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting]
> vulnerabilities in OperationServlet. FindBugs explicitly notes that it does only minimal checking
> for these bugs, so if it finds them, there are almost certainly more that it did not find.
> This ticket will fix those it found. Any others will have to be found by another, more comprehensive
> tool.
> This takes us up through rank 6 findbugs validation in the build.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
