chukwa-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julio Conca (Created) (JIRA)" <>
Subject [jira] [Created] (CHUKWA-619) Disable Trace Method on Collector's Port
Date Wed, 14 Dec 2011 09:08:30 GMT
Disable Trace Method on Collector's Port

                 Key: CHUKWA-619
             Project: Chukwa
          Issue Type: Wish
          Components: data collection
    Affects Versions: 0.4.0
         Environment: Debian 5.0, Hadoop 0.20
            Reporter: Julio Conca
            Priority: Trivial

After a safety auditory of our client. He notified us the next vulnerability at port 8081
(Collector port).
HTTP TRACE / TRACK Methods Allowed

I think this is a good documentation over the vulnerability.

We add the following code to all the collector's servlets to solve the problem.
protected void doTrace(HttpServletRequest req, HttpServletResponse resp) throws ServletException,
IOException {

The collector's servlets we fixed are.

Another solution could be to extend from jetty's DefaultServlet, but we didn't try. Our solution
is good enough for us.


This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:!default.jspa
For more information on JIRA, see:


View raw message