Date: Wed, 23 Apr 2014 21:12:15 +0000 (UTC)
From: "Christopher Tubbs (JIRA)"
To: notifications@accumulo.apache.org
Reply-To: jira@apache.org
Subject: [jira] [Resolved] (ACCUMULO-2720) [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet

     [ https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Christopher Tubbs resolved ACCUMULO-2720.
-----------------------------------------
       Resolution: Fixed
    Fix Version/s:     (was: 1.6.1)
                       (was: 1.7.0)
                   1.6.0

> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.6.0
>
>
> FindBugs rank 5 bugs found [HTTP response splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting] vulnerabilities in OperationServlet. FindBugs explicitly notes that it does only minimal checking for these bugs, so if it finds them, there are almost certainly more that it did not find. This ticket will fix those it found. Any others will have to be found by another, more comprehensive tool.
> This takes us up through rank 6 findbugs validation in the build.

--
This message was sent by Atlassian JIRA
(v6.2#6252)