Posted to issues@hbase.apache.org by "Ruslan Dautkhanov (JIRA)" <ji...@apache.org> on 2018/01/09 22:37:01 UTC

[jira] [Commented] (HBASE-19741) Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server

    [ https://issues.apache.org/jira/browse/HBASE-19741?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16319325#comment-16319325 ] 

Ruslan Dautkhanov commented on HBASE-19741:
-------------------------------------------

Thank you [~esteban]. Our security scanner shows the HBase Thrift service is vulnerable to CVE-2010-0386, CVE-2009-2823, CVE-2008-7253, CVE-2007-3008, CVE-2006-4683, CVE-2005-3398, CVE-2004-2763, CVE-2004-2320 because of this problem.


> Port CSRF prevention filter (HBASE-15187) to the HBase Thrift server
> --------------------------------------------------------------------
>
>                 Key: HBASE-19741
>                 URL: https://issues.apache.org/jira/browse/HBASE-19741
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Esteban Gutierrez
>            Priority: Minor
>
> Our Thrift server is prone to the same CSRF issue described in HBASE-15187. Even though it only affects browsers, it triggers a positive match in some vulnerability scanners even though there is no real impact. We should correct our headers in the HBase Thrift server to avoid that problem.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)