This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK
rameshv
Cadet 1st Class
Cadet 1st Class
‎2018-11-08 17:31
4782 views

Insecure Deployment: Unpatched Application ( 5600 )

Hi , my webinspect reports this error "Insecure Deployment: Unpatched Application ( 5600 )" , webinspect passed a script via URL of the page and the page returned 502 proxy error, not sure how to fix it as we have the XSS protection enabled and content securoty policy is set in apache

0 Likes
Reply
Report Inappropriate Content
4 Replies
HansEnders
Micro Focus Expert
Micro Focus Expert
‎2018-11-08 22:40

I am not able to locate a check by that name in the WebInspect Policy Manager tool.  Can you provide the full Check ID#, name, and additional details?  This sounds like a Fortify SCA finding for SAST rather than WebInspect for DAST?


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Reply
Report Inappropriate Content
rameshv
Cadet 1st Class
Cadet 1st Class
‎2018-11-09 00:26

Apologize for the confusion, it is "HPE Fortify WebInspect" as per the report.

Below are the details from the scan, please let me know if you need additional details.

Scan Name: XXXXXXXX
Crawl Sessions: 3
Scan Duration:
Vulnerabilities: 1
Policy:
Scan Date:
Scan Version: 17.20.322.0
Scan Type: Site Client: IE

Medium Issues
Insecure Deployment: Unpatched Application ( 5600 )
CWE: 79,80,116,811
Kingdom: Environment

Page: https://XXXXX/%3Cscript%3Ealert('SPIXSSTEST')%3C/script%3E.do
Request:
GET /XX/%3Cscript%3Ealert('SPIXSSTEST')%3C/script%3E.do HTTP/1.1

 

0 Likes
Reply
Report Inappropriate Content
rameshv
Cadet 1st Class
Cadet 1st Class
‎2018-11-10 03:03

Hi, did you get a chance to look into my information in the above message.
0 Likes
Reply
Report Inappropriate Content
rameshv
Cadet 1st Class
Cadet 1st Class
‎2018-11-14 15:56

Hi,

Did you get a chance to look into the issue?

0 Likes
Reply
Report Inappropriate Content
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.