Apache
/
hadoop
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2 

(Contributed by Haibo Yan via Daniel Templeton)

Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7
This commit is contained in:
Daniel Templeton 2018-06-01 14:42:39 -07:00
parent 1be05a3623
commit cba3194998
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java
View File

@ -1420,8 +1420,11 @@ public final class HttpServer2 implements FilterContainer {
if (servletContext.getAttribute(ADMINS_ACL) != null && if (servletContext.getAttribute(ADMINS_ACL) != null &&
!userHasAdministratorAccess(servletContext, remoteUser)) { !userHasAdministratorAccess(servletContext, remoteUser)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User " response.sendError(HttpServletResponse.SC_FORBIDDEN,
+ remoteUser + " is unauthorized to access this page."); "Unauthenticated users are not " +
"authorized to access this page.");
LOG.warn("User " + remoteUser + " is unauthorized to access the page "
+ request.getRequestURI() + ".");
return false; return false;
} }