[HIVE-22533] Fix possible LLAP daemon web UI vulnerabilities - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 4.0.0-alpha-1
Component/s: llap
Labels:
None

Description

Security tools that look for possible vulnerabilities find issues with LLAP daemon web UI:

dir listing for images,css,js folders

missing X-Frame-Options response header in the response

Similarly we should disable dir listing on HS2 web UI /static page too, as it is of no use anyway.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-22533.0.patch
25/Nov/19 12:06
11 kB
Ádám Szita

Activity

People

Assignee:: Ádám Szita

Reporter:: Ádám Szita

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 25/Nov/19 10:00

Updated:: 17/Nov/22 08:50

Resolved:: 26/Nov/19 10:48