Repository: hadoop
Updated Branches:
  refs/heads/YARN-1011 7826759b3 -> 5c5e34a93 (forced update)


HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton)

Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7


Project: http://git-wip-us.apache.org/repos/asf/hadoop/repo
Commit: http://git-wip-us.apache.org/repos/asf/hadoop/commit/cba31949
Tree: http://git-wip-us.apache.org/repos/asf/hadoop/tree/cba31949
Diff: http://git-wip-us.apache.org/repos/asf/hadoop/diff/cba31949

Branch: refs/heads/YARN-1011
Commit: cba319499822a2475c60c43ea71f8e78237e139f
Parents: 1be05a3
Author: Daniel Templeton <templ...@apache.org>
Authored: Fri Jun 1 14:42:39 2018 -0700
Committer: Daniel Templeton <templ...@apache.org>
Committed: Fri Jun 1 14:42:39 2018 -0700

----------------------------------------------------------------------
 .../src/main/java/org/apache/hadoop/http/HttpServer2.java     | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/hadoop/blob/cba31949/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
----------------------------------------------------------------------
diff --git 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
index c273c78..2435671 100644
--- 
a/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
+++ 
b/hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
@@ -1420,8 +1420,11 @@ public final class HttpServer2 implements 
FilterContainer {
 
     if (servletContext.getAttribute(ADMINS_ACL) != null &&
         !userHasAdministratorAccess(servletContext, remoteUser)) {
-      response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
-          + remoteUser + " is unauthorized to access this page.");
+      response.sendError(HttpServletResponse.SC_FORBIDDEN,
+          "Unauthenticated users are not " +
+              "authorized to access this page.");
+      LOG.warn("User " + remoteUser + " is unauthorized to access the page "
+          + request.getRequestURI() + ".");
       return false;
     }
 
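Review bot: The replacement 403 message on the new lines 49–51 says "Unauthenticated users are not authorized", but this branch is taken whenever `userHasAdministratorAccess` rejects `remoteUser`, which includes an authenticated user who is simply not in the admin ACL, so the text is misleading for the common case. A neutral message that still avoids reflecting the untrusted name keeps the XSS fix intact: `response.sendError(HttpServletResponse.SC_FORBIDDEN, "User is unauthorized to access this page.");`. The new warn line still concatenates the attacker-influenced `remoteUser` and `request.getRequestURI()` into the log message; that is acceptable for a log, but if `LOG` is an SLF4J logger the parameterized form `LOG.warn("User {} is unauthorized to access the page {}.", remoteUser, request.getRequestURI());` is the idiom the rest of the class likely uses and avoids building the string when warn is disabled. The enclosing method starts and ends outside the hunk.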

