Commit 43e0506

templedfccpds
authored andcommitted
HDFS-13636. Cross-Site Scripting vulnerability in HttpServer2
(Contributed by Haibo Yan via Daniel Templeton)

Change-Id: I28edde8125dd20d8d270f0e609d1c04d8173c8b7
(cherry picked from commit cba3194)
(cherry picked from commit ac7e6837bbe95007ad2950dfc70bed6ec21e1a2c)
1 parent 61bfa16 commit 43e0506

1 file changed

+5
-2
lines changed
  • hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http

hadoop-common-project/hadoop-common/src/main/java/org/apache/hadoop/http/HttpServer2.java

@@ -1348,8 +1348,11 @@ public static boolean hasAdministratorAccess(
13481348

13491349
if (servletContext.getAttribute(ADMINS_ACL) != null &&
13501350
!userHasAdministratorAccess(servletContext, remoteUser)) {
1351-
response.sendError(HttpServletResponse.SC_FORBIDDEN, "User "
1352-
+ remoteUser + " is unauthorized to access this page.");
1351+
response.sendError(HttpServletResponse.SC_FORBIDDEN,
1352+
"Unauthenticated users are not " +
1353+
"authorized to access this page.");
1354+
LOG.warn("User " + remoteUser + " is unauthorized to access the page "
1355+
+ request.getRequestURI() + ".");
13531356
return false;
13541357
}
13551358
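
Review bot: The added LOG.warn call concatenates `remoteUser` and `request.getRequestURI()` into the log line unmodified, so the value that was unsafe to reflect in the 403 body now lands in the log instead. If `remoteUser` can carry CR/LF or markup, it can forge log entries or reach an HTML-based log viewer, so strip or escape control characters before logging and consider bounding the length of both values. Separately, the new response text "Unauthenticated users are not authorized to access this page." does not match the condition on this branch: the check is `!userHasAdministratorAccess(servletContext, remoteUser)`, which an authenticated non-admin user also fails, so a neutral message such as "User is not authorized to access this page." would be more accurate without echoing any request data. A regression test asserting that the 403 body no longer contains the user name would keep the fix from being undone.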
