Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
SpydyrMike
Visitor.
5327 views

Unpatched Application (3375) Errors - False Positives

Hi,

Getting a lot of Unpatched Application errors for Apache (WebInspect code 3375).  However, we run RHEL 6, which is Apache 2.2.15, which makes it a false positive.  Is there a patch or future support for running the imbedded Apache instead of the native blends that WebInspect checks for?

Thanks!

 

Mike

Labels (1)
0 Likes
2 Replies
Highlighted
Micro Focus Expert
Micro Focus Expert

Re: Unpatched Application (3375) Errors - False Positives

You will need to report this in to Fortify Support (support.fortify.com), preferably with some live data to demonstrate it.  They can pass it along to our Dynamic Security Research group as a possible QA issue for that check.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
Micro Focus Expert
Micro Focus Expert

Re: Unpatched Application (3375) Errors - False Positives

I think this user moved this discussion to our Customer Forums at Protect724.  We determined that this check flags based on the server response (or a delay), not simply the Apache reported version, and so we are investigating it further.

FYI to other readers.


-- Habeas Data
Micro Focus Fortify Customers-Only Forums – https://community.softwaregrp.com/t5/Fortify/ct-p/fortify
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.