[jira] [Created] (HIVE-22533) Fix possible LLAP daemon web UI vulnerabilities

Jira Mon, 25 Nov 2019 02:01:15 -0800

Ádám Szita created HIVE-22533:
---------------------------------

             Summary: Fix possible LLAP daemon web UI vulnerabilities
                 Key: HIVE-22533
                 URL: https://issues.apache.org/jira/browse/HIVE-22533
             Project: Hive
          Issue Type: Improvement
          Components: llap
            Reporter: Ádám Szita
            Assignee: Ádám Szita



Security tools that look for possible vulnerabilities find issues with LLAP 
daemon web UI:
 * *dir listing* for _images,css,js_ folders 

 * *missing X-Frame-Options response header* in the response

Similarly we should disable dir listing on HS2 web UI /static page too, as it 
is of no use anyway.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

[jira] [Created] (HIVE-22533) Fix possible LLAP daemon web UI vulnerabilities

Reply via email to