Fix list for IBM Security AppScan Standard 8.7

Product documentation


Abstract

The following is a complete listing of IBM Security AppScan Standard fixes for 8.7 with the most recent fix at the top.

Content

Tab navigation


This page lists the defects fixed in this version and its fix packs, along with a brief description of each.

  • Click the Fix by Version tab (above) to access lists for other versions of this product.
  • Click the Fix Central tab (above) to search, select, order, and download fixes to your system with a choice of delivery options.
  • Click the Publications by Version tab (above) to access links to online versions of Security AppScan Standard documentation.

Table of Contents:



Fix Pack 1 (8.7.0.1)
Link Date Released Status
APAR Headline
PM61923 XSS False negative
PM87445 Re-enable attWebProxy
PM84462 Slow performance viewing Security Issue result for specific URL
PM85789 During Multistep Testing, parameters marked "Do not test" are tested.
PM80644 AppScan doesn't detect XSS in the anchor of OpenTextLivelink WCM Presentation Server
PM87727 AppScan Severe Error: Engine Error: (31) - eSEMUnknownError: An item with the same key has already been added.
PM87777 Error during scan: "Worker thread tried to release a connection before acquiring it"
PM86800 AppScan Standard appends "=" to cookies that contain no value
PM86395 False Positive on 2 Blind SQL Injection in AppScan Standard 8.6.0.1 Build 387 Security Rules Verison 1556.
PM86804 ASD does not see POST request parameters correctly when using FireFox as an external browser.
PM86143 Login sequence not recorded properly on particular site
PM85026 "Out-of-session pattern" feature doesn't work
PM88684 Request/response not shown in PDF report when response is JSON
PM84062 "Weak SSL Cipher Suites are Supported" false positive for secure cipher
PM87983 EngineError (31) - Can't init the FTP session occurs with proxy
PM84078 Tracking an instance of a custom parameter does not work in AppScan Standard 8.6.0.1
PM90180 "Show in browser" fails for SSL pages
PM88998 Cross-Site Request Forgery advisory unclear
PM84815 Test failed to find known CSRF vulnerability variant > Need improved advisory for vulnerability
PM88500 "Tests: Refresh original response interval" causes AppScan to refresh responses even though the interval is set to 99999
PM87155 Unnecessary "File download" pop-up during Test stage
PM78793 Missing Apache Struts related CVE support

Initial Release (8.7.0.0)
Link Date Released Status

APAR/Ref Headline
PM35038 Unencrypted Viewstate false positive
PM60373 Smart tags feature not working in some environments
PM68470 AppScan Standard fails to identify URLs and generate tests after exploring with GSC
PM68645 Generic Service Client throws "out of memory"
PM78208 AppScan 8.6: HTTP 502 Bad Gateway when SSL V2 is enabled on Win 2008/Win 7
PM78685 CrossSite Scripting attXSSScriptPostParamInGet does not remove Content-Length header when changing request from POST to GET
PM78804 Manual CVSS scoring is lost after Security Issues are re-arranged
PM78999 Add the missing variants for "attFormsAuthHttpInjectionToLogin" in AppScan Standard
PM79173 Scan is incomplete when there are a lot of out-of-session problems during invasive testing
PM79524 Tests are incorrectly created on requests to image files
PM79529 Validation rules on Image file needs improvement
PM79552 AppScan Standard 8.6 encodes URLs when playing back in-session
PM79712 Incorrect redirect response is shown in Request/Response tab
PM79713 Custom error page re-validation may not remove variants that should be removed
PM79898 AppScan throws an unexpecter error when generating Detailed PDF report
PM79920 AppScan fails to populate Application Tree for attachment requests using multiple lines
PM80220 AppScan should not wait for fingerprint response when Server Down Check is OFF
PM80645 AppScan crashes during Explore stage login
PM80984 Unable to load Glassbox_Sample_Scan.scan in AppScan Standard 8.6.x
PM81221 AppScan crashes in the Explore stage with 'System.OutOfMemoryException'
PM81232 AppScan crashes with Engine Error: (4)
PM81309 AppScan may find false positive with "Session Not Invalidated After Logout"
PM81435 AppScan crashes during Explore stage due to JavaScript execution.
PM81499 The two Tested Elements are not equal even though tests are all sent
PM81815 Performance issue due to extremely high volume of issues reported by AppScan
PM81960 Test stage stops before completion after a Manual Explore
PM81973 AppScan generates reports without line break in the title
PM82114 Some parameter entity tests are not created if the site's IP address changes between Explore and Test stages
PM82391 Scan log does not show "Performing login" on AppScan Standard v8.6.0.1
PM82494 The parameter is not tracked correctly with multi-step optimization OFF
PM82545 Error Code 502 when trying to record a login
PM82759 Manual Test in AppScan Standard 8.6.0.1 does not show the entire response
PM83030 AppScan gets out-of-session when scanning WebSphere portal with Prompt Login
PM83108 AppScan Standard 8.6.0.1 may report false positives if HttpOnly and Secure attributes are missing on cookies
PM83113 JSON parameters that contain an underscore in their name are not tested
PM83141 Silent install incorrectly documented
PM83316 AppScan sends cookies to wrong site during testing
PM83705 AppScan crashes during Explore stage with eSEMDBCommandFailed error
PM83894 JSP not covered in "Application Test Script Detected" test
PM84171 AppScan raises "Engine Error: (31) eSEMUnknownError" during Explore
PM84320 False Positive for "Encryption Not Enforced"
PM84472 False Negative SQL Injection issue


Rate this page:

(0 users)Average rating

Document information


More support for:

IBM Security AppScan Standard
Documentation

Software version:

8.7, 8.7.0.1

Operating system(s):

Windows

Software edition:

Standard

Reference #:

7037000

Modified date:

2013-06-13

Translate my page

Machine Translation

Content navigation