[ https://issues.apache.org/jira/browse/HDFS-7505?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Chris Nauroth resolved HDFS-7505. --------------------------------- Resolution: Duplicate > Old hdfs .jsp pages need to be removed due to a security risk > ------------------------------------------------------------- > > Key: HDFS-7505 > URL: https://issues.apache.org/jira/browse/HDFS-7505 > Project: Hadoop HDFS > Issue Type: Bug > Affects Versions: 2.4.0, 2.4.1 > Reporter: Michael Segel > Priority: Critical > > During a penetration test, by manually entering the URL for the > dfshealth.jsp, its possible to circumvent security on the cluster. > The issue was found in Hortonworks 2.1 but it is believed to exist in all of > the Apache based distributions. -- This message was sent by Atlassian JIRA (v6.3.4#6332)