[ZOOKEEPER-3772] JettyAdminServer should not allow HTTP TRACE method - ASF JIRA

Log work

Agile Board

Rank to Top

Rank to Bottom

Attach files

Attach Screenshot

Bulk Copy Attachments

Bulk Move Attachments

Voters

Watch issue

Watchers

Create sub-task

Convert to sub-task

Move

Link

Clone

Labels

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.6.1, 3.5.8
Fix Version/s: 3.5.9, 3.7.0, 3.6.2
Component/s: None
Labels:
- pull-request-available

Description

When I upgrade my zookeeper cluster to 3.5.7, a nessus scan pinged the cluster because the 8080 port of JettyAdminServer allows HTTP TRACE method.

Attachments

ZOOKEEPER-3772-1.patch
28/Mar/20 04:45
4 kB
Jinjiang Ling

Issue Links

Add Link

links to

GitHub Pull Request #1296

Delete this link

Github Pull Request #1349

Delete this link

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Unassigned Assign to me

Reporter:: Jinjiang Ling

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 28/Mar/20 04:42

Updated:: 10/Sep/20 10:43

Resolved:: 05/May/20 07:22

Time Tracking

Log work

Estimated:

Not Specified

Remaining:

Logged:

Agile

View on Board

JettyAdminServer should not allow HTTP TRACE method

Details

Description

Attachments

Attachments

Issue Links

Activity

People

Dates

Time Tracking

Agile

Slack

Issue deployment