hadoop-hdfs-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Segel (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HDFS-7505) Old hdfs .jsp pages need to be removed due to a security risk
Date Wed, 10 Dec 2014 10:23:12 GMT
Michael Segel  created HDFS-7505:
------------------------------------

             Summary: Old hdfs .jsp pages need to be removed due to a security risk
                 Key: HDFS-7505
                 URL: https://issues.apache.org/jira/browse/HDFS-7505
             Project: Hadoop HDFS
          Issue Type: Bug
    Affects Versions: 2.4.1, 2.4.0
            Reporter: Michael Segel 
            Priority: Critical


During a penetration test, by manually entering the URL for the dfshealth.jsp, its possible
to circumvent security on the cluster. 

The issue was found in Hortonworks 2.1 but it is believed to exist in all of the Apache based
distributions.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message