Hello
How can we disable HTTP trace/track HTTP me...
# all-things-deploymentr
rich-policeman-92383
09/20/2022, 6:45 AMHello
How can we disable HTTP trace/track HTTP methods for datahub mae and mce.
This is reported by our infosec team as one of the vulnerabilities.
datahub version : v0.8.41
i
incalculable-ocean-74010
09/20/2022, 8:37 AMHello @rich-policeman-92383
Could you provide some more information? Where do you see those methods?
r
rich-policeman-92383
09/20/2022, 8:42 AMPort 9090 and port 9091. These ports are bind with mae and mce on the nodes on which this vulnerability is reported.
https://github.com/datahub-project/datahub/blob/master/docker/datahub-mae-consumer/Dockerfile#L53
i
incalculable-ocean-74010
09/20/2022, 1:44 PMCan you share some more information? Privately is fine.
r
rich-policeman-92383
09/20/2022, 5:48 PMI have privately shared a snippet of report shared by infosec.
rich-policeman-92383
09/23/2022, 12:53 PMNessus is a proprietary vulnerability scanner offered by Tenable.
The vulnerability reported is mentioned here : https://www.tenable.com/plugins/nessus/11213
4 Views