[ https://issues.apache.org/jira/browse/HBASE-19741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319325#comment-16319325 ]
Ruslan Dautkhanov commented on HBASE-19741: ------------------------------------------- Thank you [~esteban]. Our security scanner shows HBase Thrift service is vulnerable to CVE-2010-0386, CVE-2009-2823, CVE-2008-7253, CVE-2007-3008, CVE-2006-4683, CVE-2005-3398, CVE-2004-2763, CVE-2004-2320 because of this problem. > Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server > -------------------------------------------------------------------- > > Key: HBASE-19741 > URL: https://issues.apache.org/jira/browse/HBASE-19741 > Project: HBase > Issue Type: Bug > Reporter: Esteban Gutierrez > Priority: Minor > > Our thrift server is prone to the same CSRF issue described in HBASE-15187. > Even it only affects browsers it triggers a positive match in some > venerability scanners even there is no real impact. We should correct our > headers in the HBase Thrift server to avoid that problem. -- This message was sent by Atlassian JIRA (v6.4.14#64029)