PM81164: ASE: 8.6.0.2 missing XSS PVs in Report


APAR status

  • Closed as program error.

Error description

  • AppScan Enterprise 8.6.0.2 may report potential XSS
    vulnerabilities in the Scan Log but fail to report them in the
    Report Pack Reports.  This issue is a known false positive; the
    Scan Log report of the potential vulnerability is incorrect.
    
    There is no workaround for this issue.
    

Local fix

Problem summary

  • There is a defect in the engine that causes false Scan Log
    entries.
    It happens when an XSS payload is reflected in a response but
    the application is not actually vulnerable.
    Note that the problem is only in the Scan Log and not in the
    reports.
    

Problem conclusion

  • Fixed.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM81164

  • Reported component name

    SEC APPSCAN ENT

  • Reported component ID

    5724T5200

  • Reported release

    800

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-01-22

  • Closed date

    2013-03-27

  • Last modified date

    2013-03-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN ENT

  • Fixed component ID

    5724T5200

Applicable component levels

  • R800 PSN

       UP




Document information


More support for:

IBM Security AppScan Enterprise

Software version:

8.0

Reference #:

PM81164

Modified date:

2013-03-27
