Andy LoPresto created NIFI-7962:
-----------------------------------
Summary: NiFi should not respond with HTTP 500 errors for HTTP TRACK request
Key: NIFI-7962
URL: https://issues.apache.org/jira/browse/NIFI-7962
Project: Apache NiFi
Issue Type: Improvement
Components: Core Framework
Affects Versions: 1.12.1
Reporter: Andy LoPresto

The HTTP {{TRACK}} method was not specified in RFC 2068 [1] for HTTP 1.1 but is
now available on some clients. NiFi currently responds to these requests with a
500 Internal Server Error page which reveals the version of the servlet API
being used but does not contain any sensitive information. As NiFi is an open
source project, the servlet API version would already be readily available to
an attacker.

The error page should be generic to obscure the servlet API version.

[1] https://tools.ietf.org/html/rfc2068
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
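
An added example, not part of the original issue or NiFi's code: a regression check that sends a TRACK request and reports version-like strings in the error response headers and body. The stub server, the two sample pages and the regex are constructed for illustration and do not reproduce NiFi's real error page.

```python
import http.client
import re
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Heuristic (assumed, not exhaustive): a product keyword followed closely by a dotted version.
VERSION_RE = re.compile(r"\b(?:servlet|jetty|java|jdk|nifi)\b[^\n<]{0,20}?\d+(?:\.\d+)+", re.I)

# Constructed sample pages; these are not NiFi's actual error pages.
VERBOSE_PAGE = "<h2>HTTP ERROR 500</h2><p>Servlet API 3.1.0</p>"
GENERIC_PAGE = "<h2>An unexpected error occurred.</h2>"

def find_version_leaks(*texts):
    """Return every version-like string found in the given header values or body."""
    return [m.group(0) for t in texts for m in VERSION_RE.finditer(t or "")]

def probe(host, port, method="TRACK", path="/"):
    """Send one request with the given method; return (status, leaked strings)."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request(method, path)
        resp = conn.getresponse()
        body = resp.read().decode("utf-8", "replace")
        return resp.status, find_version_leaks(
            resp.getheader("Server"), resp.getheader("X-Powered-By"), body)
    finally:
        conn.close()

def make_stub(page):
    """Start a local stand-in server that answers TRACK with a 500 and the given page."""
    class Stub(BaseHTTPRequestHandler):
        def do_TRACK(self):
            data = page.encode()
            self.send_response_only(500)
            self.send_header("Content-Length", str(len(data)))
            self.end_headers()
            self.wfile.write(data)
        def log_message(self, *args):  # keep the demo output quiet
            pass
    server = HTTPServer(("127.0.0.1", 0), Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

if __name__ == "__main__":
    for name, page in (("verbose", VERBOSE_PAGE), ("generic", GENERIC_PAGE)):
        stub = make_stub(page)
        status, leaks = probe("127.0.0.1", stub.server_address[1])
        print(name, status, "FAIL" if leaks else "ok", leaks)
        stub.shutdown()
```

Pointed at a test instance instead of the stub, a non-empty leak list marks the error page as still disclosing a version.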