[jira] [Resolved] (ATLAS-1271) dadad
[ https://issues.apache.org/jira/browse/ATLAS-1271?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Ayub Khan resolved ATLAS-1271.
    Resolution: Invalid

> dadad
> -----
>
> Key: ATLAS-1271
> URL: https://issues.apache.org/jira/browse/ATLAS-1271
> Project: Atlas
> Issue Type: Bug
> Reporter: dreal hakim

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Commented] (ATLAS-1271) dadad
[ https://issues.apache.org/jira/browse/ATLAS-1271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15640616#comment-15640616 ]

dreal hakim commented on ATLAS-1271:

dadadada

> dadad
> -----
>
> Key: ATLAS-1271
> URL: https://issues.apache.org/jira/browse/ATLAS-1271
> Project: Atlas
> Issue Type: Bug
> Reporter: dreal hakim

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (ATLAS-1271) dadad
dreal hakim created ATLAS-1271:

    Summary: dadad
    Key: ATLAS-1271
    URL: https://issues.apache.org/jira/browse/ATLAS-1271
    Project: Atlas
    Issue Type: Bug
    Reporter: dreal hakim

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (ATLAS-1270) Atlas web server allows user to browse webapp directory
[ https://issues.apache.org/jira/browse/ATLAS-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Selvamohan Neethiraj updated ATLAS-1270:
    Environment: (was: HDP 2.4.2 and HDP 2.5)

> Atlas web server allows user to browse webapp directory
> -------------------------------------------------------
>
> Key: ATLAS-1270
> URL: https://issues.apache.org/jira/browse/ATLAS-1270
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.5-incubating, 0.7-incubating
> Reporter: Vipin Rathor
> Attachments: atlas-dir-listing-allowed.png,
> atlas-dir-listing-forbidden-with-patch.png, atlas-disable-dir-list.patch
>
>
> Currently any (even non-authenticated) user can access the webapp directory
> structure by pointing to URIs like http://localhost:21000/lib,
> http://localhost:21000/js and http://localhost:21000/img
> This could lead to some serious exploits.
> As a fix, the embedded Jetty server (including the secure one) should disable
> the directory listing.
> I'm submitting a basic patch which I tested with non-secure embedded server
> only. Since this is my first patch, I'm looking for any feedback so that I
> can submit better patches in future.
> Thanks.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (ATLAS-1270) Atlas web server allows user to browse webapp directory
[ https://issues.apache.org/jira/browse/ATLAS-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Selvamohan Neethiraj updated ATLAS-1270:
    Labels: (was: security)

> Atlas web server allows user to browse webapp directory
> -------------------------------------------------------
>
> Key: ATLAS-1270
> URL: https://issues.apache.org/jira/browse/ATLAS-1270
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.5-incubating, 0.7-incubating
> Reporter: Vipin Rathor
> Attachments: atlas-dir-listing-allowed.png,
> atlas-dir-listing-forbidden-with-patch.png, atlas-disable-dir-list.patch
>
>
> Currently any (even non-authenticated) user can access the webapp directory
> structure by pointing to URIs like http://localhost:21000/lib,
> http://localhost:21000/js and http://localhost:21000/img
> This could lead to some serious exploits.
> As a fix, the embedded Jetty server (including the secure one) should disable
> the directory listing.
> I'm submitting a basic patch which I tested with non-secure embedded server
> only. Since this is my first patch, I'm looking for any feedback so that I
> can submit better patches in future.
> Thanks.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (ATLAS-1270) Atlas web server allows user to browse webapp directory
[ https://issues.apache.org/jira/browse/ATLAS-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vipin Rathor updated ATLAS-1270:
    Attachment: atlas-dir-listing-forbidden-with-patch.png
                atlas-dir-listing-allowed.png

> Atlas web server allows user to browse webapp directory
> -------------------------------------------------------
>
> Key: ATLAS-1270
> URL: https://issues.apache.org/jira/browse/ATLAS-1270
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.5-incubating, 0.7-incubating
> Environment: HDP 2.4.2 and HDP 2.5
> Reporter: Vipin Rathor
> Labels: security
> Attachments: atlas-dir-listing-allowed.png,
> atlas-dir-listing-forbidden-with-patch.png, atlas-disable-dir-list.patch
>
>
> Currently any (even non-authenticated) user can access the webapp directory
> structure by pointing to URIs like http://localhost:21000/lib,
> http://localhost:21000/js and http://localhost:21000/img
> This could lead to some serious exploits.
> As a fix, the embedded Jetty server (including the secure one) should disable
> the directory listing.
> I'm submitting a basic patch which I tested with non-secure embedded server
> only. Since this is my first patch, I'm looking for any feedback so that I
> can submit better patches in future.
> Thanks.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Updated] (ATLAS-1270) Atlas web server allows user to browse webapp directory
[ https://issues.apache.org/jira/browse/ATLAS-1270?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vipin Rathor updated ATLAS-1270:
    Attachment: atlas-disable-dir-list.patch

> Atlas web server allows user to browse webapp directory
> -------------------------------------------------------
>
> Key: ATLAS-1270
> URL: https://issues.apache.org/jira/browse/ATLAS-1270
> Project: Atlas
> Issue Type: Bug
> Affects Versions: 0.5-incubating, 0.7-incubating
> Environment: HDP 2.4.2 and HDP 2.5
> Reporter: Vipin Rathor
> Labels: security
> Attachments: atlas-disable-dir-list.patch
>
>
> Currently any (even non-authenticated) user can access the webapp directory
> structure by pointing to URIs like http://localhost:21000/lib,
> http://localhost:21000/js and http://localhost:21000/img
> This could lead to some serious exploits.
> As a fix, the embedded Jetty server (including the secure one) should disable
> the directory listing.
> I'm submitting a basic patch which I tested with non-secure embedded server
> only. Since this is my first patch, I'm looking for any feedback so that I
> can submit better patches in future.
> Thanks.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
[jira] [Created] (ATLAS-1270) Atlas web server allows user to browse webapp directory
Vipin Rathor created ATLAS-1270:

    Summary: Atlas web server allows user to browse webapp directory
    Key: ATLAS-1270
    URL: https://issues.apache.org/jira/browse/ATLAS-1270
    Project: Atlas
    Issue Type: Bug
    Affects Versions: 0.5-incubating, 0.7-incubating
    Environment: HDP 2.4.2 and HDP 2.5
    Reporter: Vipin Rathor

Currently any (even non-authenticated) user can access the webapp directory
structure by pointing to URIs like http://localhost:21000/lib,
http://localhost:21000/js and http://localhost:21000/img
This could lead to some serious exploits.
As a fix, the embedded Jetty server (including the secure one) should disable
the directory listing.
I'm submitting a basic patch which I tested with non-secure embedded server
only. Since this is my first patch, I'm looking for any feedback so that I
can submit better patches in future.
Thanks.

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
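
The fix requested in ATLAS-1270, shown as an added example that is not the attached patch and not Atlas code: an embedded Jetty server serving a constructed webapp directory, queried once with directory listing enabled and once with it disabled. It assumes the Jetty 9.x jetty-server, jetty-servlet and servlet-api jars on the classpath; the class name, temporary directory layout and file names are hypothetical.

```java
import java.net.HttpURLConnection;
import java.net.URL;
import java.nio.file.Files;
import java.nio.file.Path;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.DefaultServlet;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;

// Added example (Jetty 9.x API assumed); not the Atlas code or the attached patch.
public class DirListingCheck {

    // Serve `root` through DefaultServlet and return the HTTP status of GET /lib/.
    static int statusForListing(Path root, boolean dirAllowed) throws Exception {
        Server server = new Server(0); // port 0: bind a free ephemeral port
        ServletContextHandler ctx = new ServletContextHandler();
        ctx.setContextPath("/");
        ctx.setResourceBase(root.toString());
        ServletHolder holder = ctx.addServlet(DefaultServlet.class, "/");
        // The setting under discussion: whether a directory without a
        // welcome file is rendered as an index of its contents.
        holder.setInitParameter("dirAllowed", Boolean.toString(dirAllowed));
        server.setHandler(ctx);
        server.start();
        try {
            int port = ((ServerConnector) server.getConnectors()[0]).getLocalPort();
            HttpURLConnection conn = (HttpURLConnection)
                    new URL("http://127.0.0.1:" + port + "/lib/").openConnection();
            return conn.getResponseCode();
        } finally {
            server.stop();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed webapp layout: lib/ holds one file and no welcome file.
        Path root = Files.createTempDirectory("webapp");
        Files.createDirectories(root.resolve("lib"));
        Files.write(root.resolve("lib").resolve("example.jar"), new byte[] {0});

        System.out.println("dirAllowed=true  -> HTTP " + statusForListing(root, true));
        System.out.println("dirAllowed=false -> HTTP " + statusForListing(root, false));
    }
}
```

With listing disabled, DefaultServlet answers a directory request that has no welcome file with 403 Forbidden instead of an index page. On a `WebAppContext` the same switch is the context init parameter `org.eclipse.jetty.servlet.Default.dirAllowed`.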