[jira] [Commented] (IMPALA-7859) Nessus Scan find CGI Generic SQL Injection.

Donghui Xu (JIRA) Sun, 18 Nov 2018 23:20:17 -0800


    [ 
https://issues.apache.org/jira/browse/IMPALA-7859?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16691331#comment-16691331
 ]


Donghui Xu commented on IMPALA-7859:
------------------------------------

[~lv] Hi, Lars, would you have a look at this issue please? Thanks.

> Nessus Scan find CGI Generic SQL Injection.
> -------------------------------------------
>
>                 Key: IMPALA-7859
>                 URL: https://issues.apache.org/jira/browse/IMPALA-7859
>             Project: IMPALA
>          Issue Type: Bug
>          Components: Backend
>    Affects Versions: Impala 2.10.0
>            Reporter: Donghui Xu
>            Priority: Major
>
> The nessus scan report shows that the 25000 port and the 25020 port contain 
> the risk of SQL injection, as follows:
> + The following resources may be vulnerable to blind SQL injection :
> + The 'object_type' parameter of the /catalog_object CGI :
> /catalog_object?object_name=_impala_builtins&object_type=DATABASEzz_impa
> la_builtins&object_type=DATABASEyy
> How can I solve this problem? Thanks.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-all-unsubscr...@impala.apache.org
For additional commands, e-mail: issues-all-h...@impala.apache.org

[jira] [Commented] (IMPALA-7859) Nessus Scan find CGI Generic SQL Injection.

Reply via email to