APAR status
Closed as program error.
Error description
Report displays the HEX character code HEX(0D)HEX(0A) in the Blind SQL Injection reasoning text. HEX(0D)HEX(0A) is the hex code for a carriage return (0D) followed by a line feed (0A). The Blind SQL Injection issue report shows the HEX(0D)HEX(0A) as follows:

Reasoning: The test result seems to indicate a vulnerability because it shows that values can be appended to parameter values, indicating that they were embedded in an SQL query.HEX(0D)HEX(0A)In this test, three (or sometimes four) requests are sent. The last is logically equal to the original, and the next-to-last is different. Any others are for control purposes. A comparison of the last two responses with the first (the last is similar to it, and the next-to-last is different) indicates that the application is vulnerable.
Local fix
Problem summary
Bad characters in description.
Problem conclusion
Fixed in 8.8
Temporary fix
Comments
APAR Information
APAR number
PM85535
Reported component name
SEC APPSCAN STD
Reported component ID
5724T5900
Reported release
850
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2013-03-25
Closed date
2013-11-04
Last modified date
2013-11-04
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Fixed component name
SEC APPSCAN STD
Fixed component ID
5724T5900
Applicable component levels
R880 PSY
UP
Line of Business: Data and AI (LOB10); Business Unit: Software (BU029); Product: IBM Security AppScan Standard (SSPH29); Platform: Platform Independent (PF025); Version: 850
Document Information
Modified date:
10 September 2020