http_trace is enabled and has security risk in httpd

Bug #1705160 reported by Jeffrey Zhang
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| kolla-ansible | Fix Released | Undecided | Jeffrey Zhang | |
| Ocata | Fix Released | Undecided | Unassigned | |

Bug Description

Need to disable the HTTP TRACE feature in all containers running httpd.

For more info, please check https://security.stackexchange.com/questions/7703/implications-of-trace-track-methods-on-apache

Changed in kolla-ansible:
milestone: none → pike-3
description: updated
Changed in kolla-ansible:
assignee: nobody → Jeffrey Zhang (jeffrey4l)
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.openstack.org/485014
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=f5dd178fc534c4585fa7168ca0649c684ff869b4
Submitter: Jenkins
Branch: master

commit f5dd178fc534c4585fa7168ca0649c684ff869b4
Author: Jeffrey Zhang <email address hidden>
Date: Wed Jul 19 10:52:41 2017 +0800

    Disable trace for all containers running httpd

    The TRACE method is enabled by default for httpd. There is a security risk
    with TRACE enabled, so disable it by default. For more info, please check [0].

    [0] https://security.stackexchange.com/a/7711

    Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
    Closes-Bug: #1705160

Changed in kolla-ansible:
status: New → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ocata)

Reviewed: https://review.openstack.org/485641
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=4f6a214df973dcc21beb29d79c6126cbefb19489
Submitter: Jenkins
Branch: stable/ocata

commit 4f6a214df973dcc21beb29d79c6126cbefb19489
Author: Jeffrey Zhang <email address hidden>
Date: Wed Jul 19 10:52:41 2017 +0800

    Disable trace for all containers running httpd

    The TRACE method is enabled by default for httpd. There is a security risk
    with TRACE enabled, so disable it by default. For more info, please check [0].

    [0] https://security.stackexchange.com/a/7711

    Change-Id: I4496a6d058d88e1abfb210085f189e7a610e0362
    Closes-Bug: #1705160
    (cherry picked from commit f5dd178fc534c4585fa7168ca0649c684ff869b4)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 5.0.0.0b3

This issue was fixed in the openstack/kolla-ansible 5.0.0.0b3 development milestone.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 4.0.3

This issue was fixed in the openstack/kolla-ansible 4.0.3 release.
