Micro Focus (now OpenText) Community
    You are currently reviewing an older revision of this page.


    How to Get the WebInspect Log4J Patc

    In our efforts to keep WebInspect a best-of-breed solution, we are creating a new set of capabilities to detect out-of-band vulnerabilities, along with a new technique called OAST (Out-of-Band Application Security Testing).

    The Log4Shell vulnerability everyone has been talking about is one of these: it causes Log4j to request that a lookup be performed against a malicious LDAP server. This is an out-of-band attack because nothing is reflected back to the attacker; the attack goes to a third machine, the malicious LDAP server.

    How we will detect it

    We are standing up a public service that can be used to capture out-of-band attacks. WebInspect can then query this service and, by providing a shared secret key, determine whether the server under test was vulnerable.

    For customers who are testing internal networks without access to the public service, there will be an internal Docker container that can be used.
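The correlation step described above, sketched as an added example (not WebInspect's or the capture service's actual code or protocol). The class names, the identifier layout and the sample URLs are assumptions made for illustration; the capture service is simulated in-process so the example runs offline.

```python
import hashlib
import secrets

def scan_id_for(secret: bytes) -> str:
    # Public identifier derived from the shared secret; it does not reveal the secret.
    return hashlib.sha256(secret).hexdigest()[:16]

class Collector:
    """Stand-in for the out-of-band capture service (hypothetical design)."""
    def __init__(self):
        self._hits = {}  # scan id -> [(probe number, protocol)]

    def record(self, callback_id: str, protocol: str) -> None:
        # Called when some server contacts the service using a scanner-issued identifier.
        scan_id, _, probe = callback_id.partition("-")
        self._hits.setdefault(scan_id, []).append((probe, protocol))

    def poll(self, secret: bytes):
        # Only the holder of the shared secret can read the interactions of its scan.
        return list(self._hits.get(scan_id_for(secret), []))

class Scanner:
    """Scanner side: issues one identifier per tested input, then correlates."""
    def __init__(self, collector: Collector):
        self.secret = secrets.token_bytes(32)
        self.collector = collector
        self.probes = {}  # probe number -> (url, input name)

    def new_callback_id(self, url: str, input_name: str) -> str:
        probe = str(len(self.probes) + 1)
        self.probes[probe] = (url, input_name)
        return f"{scan_id_for(self.secret)}-{probe}"

    def findings(self):
        # An interaction seen by the collector marks the matching input as vulnerable.
        return [self.probes[p] + (proto,)
                for p, proto in self.collector.poll(self.secret) if p in self.probes]

def demo():
    collector = Collector()
    scanner = Scanner(collector)
    scanner.new_callback_id("https://app.example.test/search", "q")
    hit = scanner.new_callback_id("https://app.example.test/login", "User-Agent")
    # Constructed events: the server under test made a lookup for the second input
    # only, and an unrelated scan's interaction arrives at the same service.
    collector.record(hit, "ldap")
    collector.record("0123456789abcdef-1", "dns")
    return scanner.findings()
```

Because nothing comes back in the HTTP response, the finding exists only as the match between an issued identifier and an interaction the service recorded for it.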

    This new service will be used not only for the Log4Shell exploit but for other interesting attacks as well (listed in the slide below).

    How to get it:

    • WebInspect: Install 21.2 and run SmartUpdate to get the new check
    • WebInspect Enterprise: Install WIE Server 21.2 and Sensors 21.2, then run SmartUpdate on the sensors
    • ScanCentral DAST: Install SCDast 21.2 and pull the latest version of the WI Sensors version 2.1

    Again, our goal with this update is to keep WebInspect on the cutting edge of all things AppSec. A validation of how WebInspect is at the top of the class in the AppSec industry is our attainment of a perfect score of 5.0 in the 2021 Gartner MQ for AppSec Testing for DAST. With this new OAST capability, we’re just making it even better. Shoutout to all our WebInspect users!
