Red Hat OpenStack Services on OpenShift
OSPRH-14672

OpenStackProvisionServer should not allow HTTP TRACE


    • No Docs Impact
    • openstack-operator-container-1.0.8-13
      .`TraceEnable` parameter disabled by default in httpd configuration
      Before this update, HTTP TRACE was enabled by default from the `OpenStackProvisionServer` CR, which resulted in security scanners creating an alert. With this update, the `TraceEnable` parameter has been set to the value "off" by default in the httpd configuration.
    • Bug Fix
    • Done
    • Regression Only
    • Moderate

      Security scanner will alert on HTTP TRACE enabled.

      To Reproduce
      Steps to reproduce the behavior:
      HTTP TRACE is allowed from OSPDO provisioner server.

      Expected behavior
      TraceEnable Off in httpd config

      Bug impact
      Security issue as defined by the scanner

      Known workaround
      None; it seems the operator will revert any manual config
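The scanner finding described in this issue can be reproduced locally with the probe below. This is an added example, not code from the openstack-operator project or from this issue: it sends an HTTP TRACE request carrying a marker header and reports whether the server echoes that header back, which is exactly what a scanner reports as "HTTP TRACE enabled". The two local request handlers are constructed stand-ins for httpd with `TraceEnable on` (request echoed with status 200) and with `TraceEnable off` (status 405); no real `OpenStackProvisionServer` endpoint is contacted, and the handler names, `trace_allowed()` and `demo()` are this example's own.

```python
"""Probe an HTTP endpoint for an enabled TRACE method.

Added example (not openstack-operator code). Two constructed local servers
stand in for the 'before' (TraceEnable on) and 'after' (TraceEnable off)
httpd behaviour so the check runs offline.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

PROBE_HEADER = ("X-Trace-Probe", "osprh-14672-check")  # marker we expect echoed


class TraceEnabledHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for httpd with TraceEnable on: echo the request."""

    def do_TRACE(self):
        # httpd echoes the request line and headers as message/http
        body = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):  # keep the servers quiet
        pass


class TraceDisabledHandler(TraceEnabledHandler):
    """Constructed stand-in for httpd with TraceEnable off: 405 Method Not Allowed."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler):
    """Bind a local server on an ephemeral port and serve it in the background."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def trace_allowed(host, port, timeout=5.0):
    """Return True if TRACE is honoured: 200 and our marker header is echoed."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.putrequest("TRACE", "/")
        conn.putheader(*PROBE_HEADER)
        conn.endheaders()
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace")
    finally:
        conn.close()
    # Checking for the echoed marker, not just the status, avoids false
    # positives from intermediaries that answer 200 without echoing.
    return resp.status == 200 and ": ".join(PROBE_HEADER) in body


def demo():
    """Probe both constructed servers; returns {'trace_on': True, 'trace_off': False}."""
    enabled = start_server(TraceEnabledHandler)
    disabled = start_server(TraceDisabledHandler)
    try:
        return {
            "trace_on": trace_allowed("127.0.0.1", enabled.server_address[1]),
            "trace_off": trace_allowed("127.0.0.1", disabled.server_address[1]),
        }
    finally:
        for srv in (enabled, disabled):
            srv.shutdown()
            srv.server_close()


if __name__ == "__main__":
    print(demo())
```

To check a real deployment, call `trace_allowed()` with the host and port of the provision server's httpd instead of the constructed servers; a `False` result against an httpd that answers 405 matches the expected behaviour of `TraceEnable Off`. Because the operator reconciles the httpd configuration, the probe is also a useful regression check after an operator upgrade rather than a one-off.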

              abays@redhat.com Andrew Bays
              mflusche@redhat.com Mathew Flusche
              rhos-dfg-ospk8s