Red Hat OpenStack Services on OpenShift / OSPRH-14473

[17.1 OSPDO] - OpenStackProvisionServer should not allow HTTP TRACE

    • osp-director-operator-container-1.3.1-21
    • Release Note Not Required
    • Moderate

      Security scanner will alert on HTTP trace enabled.

      To Reproduce
      Steps to reproduce the behavior:
      HTTP TRACE is allowed from OSPDO provisioner server.

      Expected behavior
      TraceEnable Off in httpd config

      Bug impact
      Security issue as defined by the scanner

      Known workaround
      None; it seems the operator will revert any manual config

              abays@redhat.com Andrew Bays
              mflusche@redhat.com Mathew Flusche
              rhos-dfg-ospk8s
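
One way to check the expected behavior ("TraceEnable Off in httpd config") offline is to compute the effective setting per scope from the rendered httpd configuration. This is an added example, not code from the ticket or from osp-director-operator; the sample config, host name and function names are assumptions made for illustration.

```python
import re

# Constructed sample config (not taken from the operator's image).
SAMPLE_CONF = """\
ServerName provision.example.test
<VirtualHost *:8080>
    DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:8443>
    TraceEnable Off
</VirtualHost>
"""

_VHOST_OPEN = re.compile(r"<VirtualHost\s+([^>]+)>", re.I)
_VHOST_CLOSE = re.compile(r"</VirtualHost>", re.I)
_TRACE = re.compile(r"TraceEnable\s+(\S+)", re.I)

def effective_trace_enable(conf_text):
    """Map the main server and each VirtualHost to its effective setting.

    Assumes httpd's documented default ('on' when the directive is absent) and
    that a VirtualHost without its own TraceEnable inherits the main server's.
    Include/IncludeOptional are not followed; pass the concatenated text.
    """
    main, vhosts, current = None, {}, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if m := _VHOST_OPEN.match(line):
            current = m.group(1).strip()
            vhosts.setdefault(current, None)
        elif _VHOST_CLOSE.match(line):
            current = None
        elif m := _TRACE.match(line):
            value = m.group(1).strip('"').lower()
            if current is None:
                main = value  # last server-level directive wins
            else:
                vhosts[current] = value
    main = main or "on"
    result = {"main": main}
    result.update({f"vhost {k}": v or main for k, v in vhosts.items()})
    return result

def trace_findings(conf_text):
    """Scopes where TRACE would still be answered (anything but 'off')."""
    settings = effective_trace_enable(conf_text)
    return sorted(scope for scope, value in settings.items() if value != "off")
```

Running `trace_findings` against the configuration actually served by the provisioning pod, rather than a locally edited copy, accounts for the operator reverting manual changes.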