atlas-dev mailing list archives

From "Selvamohan Neethiraj (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (ATLAS-1270) Atlas web server allows user to browse webapp directory
Date Sat, 05 Nov 2016 15:16:58 GMT

     [ https://issues.apache.org/jira/browse/ATLAS-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Selvamohan Neethiraj updated ATLAS-1270:
----------------------------------------
    Environment:     (was: HDP 2.4.2 and HDP 2.5)

> Atlas web server allows user to browse webapp directory
> -------------------------------------------------------
>
>                 Key: ATLAS-1270
>                 URL: https://issues.apache.org/jira/browse/ATLAS-1270
>             Project: Atlas
>          Issue Type: Bug
>    Affects Versions: 0.5-incubating, 0.7-incubating
>            Reporter: Vipin Rathor
>         Attachments: atlas-dir-listing-allowed.png, atlas-dir-listing-forbidden-with-patch.png, atlas-disable-dir-list.patch
>
>
> Currently any (even non-authenticated) user can access the webapp directory structure by pointing to URIs like http://localhost:21000/lib, http://localhost:21000/js and http://localhost:21000/img
> This could lead to some serious exploits.
> As a fix, the embedded Jetty server (including the secure one) should disable the directory listing.
> I'm submitting a basic patch which I tested with non-secure embedded server only. Since this is my first patch, I'm looking for any feedback so that I can submit better patches in future.
> Thanks.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
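
The fix described in the report, as an added example (not the attached atlas-disable-dir-list.patch and not Atlas's own code): it assumes Jetty 9.x's `WebAppContext`, and the class name `NoDirListingServer`, the WAR path argument and the status self-check are illustrative. The parameter is set on the webapp context rather than on a connector, so it applies whether the request arrives over the plain or the TLS listener.

```java
import java.net.HttpURLConnection;
import java.net.URL;

import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.webapp.WebAppContext;

// Illustrative class (hypothetical name); assumes jetty-server and
// jetty-webapp 9.x on the classpath.
public class NoDirListingServer {

    // Context init parameter read by Jetty's DefaultServlet; Jetty's default is "true".
    static final String DIR_ALLOWED = "org.eclipse.jetty.servlet.Default.dirAllowed";

    // Build the webapp context with directory listing switched off.
    static WebAppContext buildContext(String warPath) {
        WebAppContext ctx = new WebAppContext();
        ctx.setContextPath("/");
        ctx.setWar(warPath);
        // With this set to "false", DefaultServlet refuses to render an index
        // for a directory that has no welcome file.
        ctx.setInitParameter(DIR_ALLOWED, "false");
        return ctx;
    }

    // Fetch a URL and return only the HTTP status code.
    static int statusOf(String url) throws Exception {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection();
        try {
            return c.getResponseCode();
        } finally {
            c.disconnect();
        }
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server(21000);          // port used in the report's URIs
        server.setHandler(buildContext(args[0]));   // args[0]: path to the WAR or webapp dir
        server.start();
        // Regression check over the directories named in the report.
        for (String dir : new String[] {"/lib/", "/js/", "/img/"}) {
            System.out.println(dir + " -> HTTP " + statusOf("http://localhost:21000" + dir));
        }
        server.join();
    }
}
```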
