[jira] [Commented] (HBASE-19741) Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server

Ruslan Dautkhanov (JIRA) Tue, 09 Jan 2018 14:37:21 -0800

    [ 
https://issues.apache.org/jira/browse/HBASE-19741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319325#comment-16319325
 ]


Ruslan Dautkhanov commented on HBASE-19741:
-------------------------------------------

Thank you [~esteban]. Our security scanner shows HBase Thrift service is 
vulnerable to CVE-2010-0386, CVE-2009-2823, CVE-2008-7253, CVE-2007-3008, 
CVE-2006-4683, CVE-2005-3398, CVE-2004-2763, CVE-2004-2320 because of this 
problem. 


> Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server
> --------------------------------------------------------------------
>
>                 Key: HBASE-19741
>                 URL: https://issues.apache.org/jira/browse/HBASE-19741
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Esteban Gutierrez
>            Priority: Minor
>
> Our thrift server is prone to the same CSRF issue described in HBASE-15187. 
> Even it only affects browsers it triggers a positive match in some 
> venerability scanners even there is no real impact. We should correct our 
> headers in the HBase Thrift server to avoid that problem.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (HBASE-19741) Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server

Reply via email to