WI Agent runtime 4.20

Hi.

We are working with WIE 10.30.  We have installed the new corresponding WI Agent Runtime 4.20 on a webLogic server.

When we start the scan (RAST), WI detect the agent but crasches after 10 minutes.

On logs, we have the message:

[29926 2014-12-09T13:02:59.472 0100 INFO] Fortify Runtime setup complete

[29926 2014-12-09T15:39:58.148 0100 INFO] WebInspect version 10.30.507.10 detected

[29926 2014-12-09T15:39:58.450 0100 ERROR] cannot access request headers. unable to set the header X-WIPP-FNF to 404

Has someone already encountred the same problem?

Regards.

Pierre Grabulos,

  • Pierre:

    My first question is always how did you do the installation of the recommended Runtime Agent.  This could be the issues as it is possible (remote, but possible), that the system did not fully uninstall the previous version.

    While I am not 100% certain it is the Runtime either, this is based on the third error you present:

    [29926 2014-12-09T15:39:58.450 0100 ERROR] cannot access request headers. unable to set the header X-WIPP-FNF to 404

    It would be a logical starting point to possibly help.

    Warmest Regards,

    Joel E. Natt CISSP, CRISC
    Hewlett-Packard Enterprise Software Education
    Exam Development Lead – Hewlett-Packard Enterprise Security
    Get Training: http://www.hpenterprisesecurity.com/university

    Get Certified: http://h10120.www1.hp.com/ExpertOne/certification_program_overview.html


  • Hi Joel

    I did not personally did this installation but a colleague, Kaspar.

    For your first question, It was not a previous version already installed.

    @Kaspar: could you please respond to Joel and explain how you did the installation.

    Thanks, Pierre

    De : Joel Natt

    Envoyé : mercredi 10 décembre 2014 17:02

    À : Grabulos Pierre BIT

    Objet : Re: - WI Agent runtime 4.20

    Protect724<https://protect724.hp.com/>

    WI Agent runtime 4.20

    reply from Joel Natt<protect724.hp.com/.../jnatt in Fortify - View the full discussion<protect724.hp.com/.../52111


  • Hi Joel

    I come again because we have today reinstall the WebInspect agent with a new version of WebLogic.

    In fact the installation is just a copy and a configuration. Mein college from exploitation (kaspar Janowski) has the sentiment, the agent is well installed.

    Then I started a scan, the agent is effectively detected but after a couple of minutes, Scan stopped (status interrupted).

    Here is our configuration.

    • WebLogic Server 12.1.3.0.0
    • Java Version 1.7.0_71
    • Installation Directory: /data/wls/hpfortify/
    • JVM StartupParameter: -javaagent:/data/wls/hpfortify/lib/FortifyAgent.jar

    Do you need the log from WebLogic Server?

    I have also a sdf file from log (64e9451d-93c8-4b49-8045-7d8ec8a77547_sitetree.sdf)

    or a dump (C:\Users\A80708406\AppData\Local\HP\HP WebInspect\Logs\Diagnostics\PLEASE_SEND_WITH_DUMP.ASC).

    Thanks in advance.

    Pierre

  • Afternoon Pierre:

    Can you do me a favor and reach out to Fortify TAC and open a case.  This would help to gather all the information and work quicker to a resolution.

    If the WI Client is seeing the Agent, unless you have manually loaded the path and not allowed for auto discovery via the Crawl and Discovery the scan should not stop.

    I will get with the TAC team as well to have them look for your case.

    Joel

  • Hi Joel

    Thanks.

    I open a case.

    Regards, Pierre

    De : Joel Natt

    Envoyé : jeudi 29 janvier 2015 17:12

    À : Grabulos Pierre BIT

    Objet : Re: - WI Agent runtime 4.20

    Protect724<https://protect724.hp.com/>

    WI Agent runtime 4.20

    reply from Joel Natt<protect724.hp.com/.../jnatt in Fortify - View the full discussion<protect724.hp.com/.../53744