I ran into the same findings in a Cloudera 7.x setup. For the Zookeeper TRACE/TRACK warning on port 7000, you can mitigate it by disabling these methods in the embedded Jetty config or, more commonly, by placing a reverse proxy (Apache/Nginx) in front of ZooKeeper and blocking TRACE/TRACK. For the MapReduce HSTS warning (port 13562), HSTS isn’t enabled by default. The fix is to add the Strict Transport Security header either through the service’s HTTPS response configuration or again via a reverse proxy. This enforces HTTPS and clears the scan finding. ... View more

Hi,   Thanks for the details. Sure, please keep me updated on this. This seems critical to my security team.     ... View more