Details
-
Improvement
-
Status: Closed
-
Major
-
Resolution: Fixed
-
None
-
None
Description
Security tools that look for possible vulnerabilities find issues with LLAP daemon web UI:
- dir listing for images,css,js folders
- missing X-Frame-Options response header in the response
Similarly we should disable dir listing on HS2 web UI /static page too, as it is of no use anyway.