Posted to notifications@accumulo.apache.org by "ASF subversion and git services (JIRA)" <ji...@apache.org> on 2014/04/23 23:00:26 UTC

[jira] [Commented] (ACCUMULO-2720) [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet

    [ https://issues.apache.org/jira/browse/ACCUMULO-2720?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13978890#comment-13978890 ] 

ASF subversion and git services commented on ACCUMULO-2720:
-----------------------------------------------------------

Commit 9621701fd6d930952f82523b52c428dcf89a18dd in accumulo's branch refs/heads/1.6.0-SNAPSHOT from [~ctubbsii]
[ https://git-wip-us.apache.org/repos/asf?p=accumulo.git;h=9621701 ]

ACCUMULO-2720 Address some HTTP response splitting

  URLEncode some parameters, and do some validation on redirects in the monitor
  to mitigate HTTP response splitting vulnerabilities identified by FindBugs.


> [FindBugs] HTTP response splitting vulnerabilities in the OperationServlet
> --------------------------------------------------------------------------
>
>                 Key: ACCUMULO-2720
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-2720
>             Project: Accumulo
>          Issue Type: Sub-task
>          Components: monitor
>            Reporter: Christopher Tubbs
>            Assignee: Christopher Tubbs
>              Labels: findbugs
>             Fix For: 1.6.1, 1.7.0
>
>
> FindBugs rank 5 bugs found [HTTP response splitting|https://en.wikipedia.org/wiki/HTTP_response_splitting] vulnerabilities in OperationServlet. FindBugs explicitly notes that it does only minimal checking for these bugs, so if it finds them, there are almost certainly more that it did not find. This ticket will fix those it found. Any others will have to be found by another, more comprehensive tool.
> This takes us up through rank 6 findbugs validation in the build.
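The commit above describes two mitigations: URL-encoding parameter values before they are placed into a redirect URL, and validating the redirect target itself. The following is an added illustration written for this page, not code from Accumulo's OperationServlet or from the commit; the class name `SafeRedirect`, the parameter names `page` and `table`, and the fallback location `/` are assumptions chosen for the example. It shows the unsafe pattern as a comment and the hardened form beside it.

```java
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical helper (not Accumulo's code) showing how to keep user-controlled
// input from reaching the Location header unencoded or unvalidated.
public final class SafeRedirect {
    private SafeRedirect() {}

    /** Percent-encodes a query parameter value: CR becomes %0D, LF becomes %0A,
     *  so the value cannot terminate the header line or start a new one. */
    static String encodeParam(String value) {
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("UTF-8 is always supported", e); // cannot happen
        }
    }

    /** Returns the requested path only if it is a site-local, control-character-free
     *  path; otherwise returns the fallback. Rejecting "//" and "/\" also prevents
     *  protocol-relative redirects to another host (open redirect). */
    static String validateRedirect(String target, String fallback) {
        if (target == null || target.isEmpty()) {
            return fallback;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7F) { // CR, LF and other control characters
                return fallback;
            }
        }
        if (!target.startsWith("/") || target.startsWith("//") || target.startsWith("/\\")) {
            return fallback;
        }
        return target;
    }

    /** Redirects to a page chosen by the client, with both mitigations applied.
     *  The unsafe pattern FindBugs flags would be:
     *    resp.sendRedirect(req.getParameter("page") + "?table=" + req.getParameter("table"));
     *  where either parameter may carry a raw CR/LF into the response headers. */
    static void redirectToRequestedPage(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String page = validateRedirect(req.getParameter("page"), "/");   // assumed parameter
        String table = req.getParameter("table");                        // assumed parameter
        String location = (table == null) ? page : page + "?table=" + encodeParam(table);
        resp.sendRedirect(location);
    }
}
```

Whether a servlet container strips or rejects CR/LF in header values varies by container and version, so the check belongs in the application rather than being delegated to the container. Validating the path (rather than only encoding it) is what also closes the open-redirect case, which encoding alone does not address.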



--
This message was sent by Atlassian JIRA
(v6.2#6252)