Cadet 1st Class

Insecure Deployment: Unpatched Application ( 5600 )

Hi, my WebInspect reports this error: "Insecure Deployment: Unpatched Application ( 5600 )". WebInspect passed a script via the URL of the page and the page returned a 502 proxy error. I am not sure how to fix it, as we have the XSS protection enabled and a Content Security Policy is set in Apache.

Micro Focus Expert

I am not able to locate a check by that name in the WebInspect Policy Manager tool.  Can you provide the full Check ID#, name, and additional details?  This sounds like a Fortify SCA finding for SAST rather than WebInspect for DAST?


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
Cadet 1st Class

Apologies for the confusion; it is "HPE Fortify WebInspect" as per the report.

Below are the details from the scan, please let me know if you need additional details.

Scan Name: XXXXXXXX
Crawl Sessions: 3
Scan Duration:
Vulnerabilities: 1
Policy:
Scan Date:
Scan Version: 17.20.322.0
Scan Type: Site
Client: IE

Medium Issues
Insecure Deployment: Unpatched Application ( 5600 )
CWE: 79,80,116,811
Kingdom: Environment

Page: https://XXXXX/%3Cscript%3Ealert('SPIXSSTEST')%3C/script%3E.do
Request:
GET /XX/%3Cscript%3Ealert('SPIXSSTEST')%3C/script%3E.do HTTP/1.1

 

Cadet 1st Class

Hi, did you get a chance to look into my information in the above message?
Cadet 1st Class

Hi,

Did you get a chance to look into the issue?
