[jira] Updated: (HADOOP-6441) Prevent remote CSS attacks in Hostname and UTF-7.

Devaraj Das (JIRA) Mon, 21 Dec 2009 17:54:48 -0800

     [ 
https://issues.apache.org/jira/browse/HADOOP-6441?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Devaraj Das updated HADOOP-6441:
--------------------------------

    Release Note: Quotes the characters coming out of getRequestUrl and 
getServerName in HttpServer.java as per the specification in HADOOP-6151.

> Prevent remote CSS attacks in Hostname and UTF-7.
> -------------------------------------------------
>
>                 Key: HADOOP-6441
>                 URL: https://issues.apache.org/jira/browse/HADOOP-6441
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: security
>            Reporter: Owen O'Malley
>            Assignee: Owen O'Malley
>             Fix For: 0.21.0
>
>         Attachments: h-6441.20.patch, h-6441.patch
>
>
> There are currently vulnerabilities for CSS in Hadoop's Web UI that allow CSS 
> attacks.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (HADOOP-6441) Prevent remote CSS attacks in Hostname and UTF-7.

Reply via email to