You are viewing a plain text version of this content. The canonical link for it is here.
Posted to yarn-issues@hadoop.apache.org by "Varun Saxena (JIRA)" <ji...@apache.org> on 2017/03/16 19:31:41 UTC
[jira] [Comment Edited] (YARN-6352) Header injections are possible
in the application proxy servlet
[ https://issues.apache.org/jira/browse/YARN-6352?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15928695#comment-15928695 ]
Varun Saxena edited comment on YARN-6352 at 3/16/17 7:31 PM:
-------------------------------------------------------------
Apps#toAppId looks like a generic enough method which may not be only used for constructing a message which is sent back in HTTP response.
How about catching the exception in WebAppProxyServlet and then sending back a custom message?
was (Author: varun_saxena):
Apps#toAppId looks like a generic enough method which may not be only used for web pages.
How about catching the exception in WebAppProxyServlet and then sending back a custom message?
> Header injections are possible in the application proxy servlet
> ---------------------------------------------------------------
>
> Key: YARN-6352
> URL: https://issues.apache.org/jira/browse/YARN-6352
> Project: Hadoop YARN
> Issue Type: Bug
> Components: resourcemanager
> Affects Versions: 2.8.0, 2.7.3, 3.0.0-alpha2
> Reporter: Naganarasimha G R
> Assignee: Naganarasimha G R
> Attachments: headerInjection.png, YARN-6352.001.patch
>
>
> This issue was found in WVS security tool.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscribe@hadoop.apache.org
For additional commands, e-mail: yarn-issues-help@hadoop.apache.org