IBM Support

PI09179: SANS Top 25 Report CWE-79 and possibly others: does not expand details for first html tree expansion box


APAR status

  • Closed as program error.

Error description

  • Run Scan
    
    Next
    Go to Tools > Generate Report
    Select CWS SANS Top 25 2010 report and click Next
    Specify
     to html format
     Include the source code surrounding each finding @5 and 5
     Include trace data
     Definitive
    Click Finish
    When prompted that the source cannot be found click No to
    discover
    
    In the IE window that appears, attempt to expand the FIRST
    twisty under 'CWE-79: Improper Neutralization of Input During
    Web Page Generation ('Cross-site Scripting')'
    Notice that you cannot expand and view the 78 findings nor can
    you collapse the CWE entry itself.
    This problem does not appear to be present for any other items on
    the generated page.
    

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    One of the twisties in CWS SANS Top 25 2010 report wasn't
    working correctly.
    

Problem conclusion

  • It has been fixed in the code.
    

Temporary fix

Comments

APAR Information

  • APAR number

    PI09179

  • Reported component name

    SEC APPSCAN SRC

  • Reported component ID

    5724Z3400

  • Reported release

    880

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2014-01-08

  • Closed date

    2014-04-01

  • Last modified date

    2014-04-01

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN SRC

  • Fixed component ID

    5724Z3400

Applicable component levels

  • R880 PSN

       UP

Document Information

Modified date:
12 December 2021