[
https://issues.apache.org/jira/browse/RANGER-2365?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Velmurugan Periasamy deleted RANGER-2365:
-----------------------------------------
> [security] Admin webui - OPTIONS Method Enabled
> ------------------------------------------------
>
> Key: RANGER-2365
> URL: https://issues.apache.org/jira/browse/RANGER-2365
> Project: Ranger
> Issue Type: Bug
> Reporter: t oo
> Priority: Major
>
> |The OPTIONS method is used to determine what other methods the server
> supports for a given URL/resource. |
> |It was found that the application’s server supports the OPTIONS HTTP Method.
>
> Details of HTTP Request and HTTP Response, respectively.|
> |Business Impact/Attack Scenario| | | |
> |If the attacker is able to check what options the server accepts he may be
> able to utilize it such that he can put a malicious file into the server
> which may eventually grant him unauthorized access to different information.|
> |Recommendation| | | | |
> |If not required it is best to disable such feature or verify that the usage
> is properly limited to authorised users.|
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
