IBM Support

PM83316: AppScan Standard sends cookies to wrong site (http://demo.testfire.net) during testing


APAR status

  • Closed as program error.

Error description

  • AppScan Standard 8.6.x contains an attack, attWebProxy, that
    during execution attempts to send cookies from the site being
    tested to http://demo.testfire.net
    
    The attack is designed to craft a request intended for a proxy in
    order to test whether the site under test is vulnerable to proxying
    requests, but in doing so AppScan Standard incorrectly connects
    directly to the target site (http://demo.testfire.net in this
    case) and includes in that request the cookies from the site being
    tested.
    
    The current recommendation is to disable this test:
    1) Go to Scan configuration → Test Policy
    2) Search for 'attWebProxy'
       The only result will be 'HTTP Request Forwarding (Web Proxy)
       Detected'
    3) Deselect the checkbox next to this entry to disable it.
    4) Save the scan file after doing this.
    
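As an added illustration of the failure mode described above (example code, not IBM's or AppScan's own), the following models a proxy-style probe whose TCP connection goes straight to the target host, first with the defect (every stored cookie is attached) and then with the scope check that keeps cookies of the site under test from leaving for a different host; the cookie jar layout, the domain `app.example.test` and the cookie value are constructed for this illustration.

```python
# Added example (not IBM's or AppScan's code): models the defect in PM83316
# and the cookie-scope check that prevents it. Jar format, app.example.test
# and the cookie value are constructed for this illustration.
from urllib.parse import urlparse

# Constructed sample: a session cookie issued by the site under test.
SAMPLE_JAR = {"app.example.test": {"JSESSIONID": "constructed-session-id"}}
# Host the probe actually connects to (the host named in the APAR).
CONNECT_HOST = "demo.testfire.net"


def cookie_in_scope(cookie_domain: str, connect_host: str) -> bool:
    """RFC 6265-style domain match: a cookie may accompany the request only
    when the connected host equals the cookie's domain or is a subdomain."""
    cookie_domain = cookie_domain.lstrip(".").lower()
    connect_host = connect_host.lower()
    return connect_host == cookie_domain or connect_host.endswith("." + cookie_domain)


def build_proxy_probe(target_url: str, connect_host: str, jar: dict,
                      strip_foreign_cookies: bool):
    """Build a proxy-style request (absolute URI in the request line).

    jar maps cookie domain -> {name: value}. With strip_foreign_cookies=False
    the function reproduces the defect: every stored cookie is attached no
    matter where the connection goes. With True, cookies whose domain does
    not cover connect_host are dropped before the request is sent.
    Returns (raw_request, cookies_actually_sent)."""
    host = urlparse(target_url).hostname
    lines = [f"GET {target_url} HTTP/1.1", f"Host: {host}"]
    sent = {}
    for domain, cookies in jar.items():
        if strip_foreign_cookies and not cookie_in_scope(domain, connect_host):
            continue
        sent.update(cookies)
    if sent:
        lines.append("Cookie: " + "; ".join(f"{k}={v}" for k, v in sent.items()))
    return "\r\n".join(lines) + "\r\n\r\n", sent


def leaked_cookies(jar: dict, connect_host: str, sent: dict) -> list:
    """Detection side: names of cookies in `sent` whose domain does not
    cover the host the request was actually delivered to."""
    return sorted(name for domain, cookies in jar.items()
                  if not cookie_in_scope(domain, connect_host)
                  for name in cookies if name in sent)


if __name__ == "__main__":
    for strip in (False, True):
        raw, sent = build_proxy_probe(f"http://{CONNECT_HOST}/", CONNECT_HOST, SAMPLE_JAR, strip)
        print(raw, "leaked:", leaked_cookies(SAMPLE_JAR, CONNECT_HOST, sent))
```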

Local fix

Problem summary

  • ****************************************************************
    * USERS AFFECTED:                                              *
    ****************************************************************
    * PROBLEM DESCRIPTION:                                         *
    ****************************************************************
    * RECOMMENDATION:                                              *
    ****************************************************************
    AppScan Standard 8.6.x contains an attack, attWebProxy, that
    during execution attempts to send cookies from the site
    being tested to http://demo.testfire.net
    
    The attack is designed to craft a request intended for a proxy
    in order to test whether the site under test is vulnerable to
    proxying requests, but in doing so AppScan Standard
    incorrectly connects directly to the target site
    (http://demo.testfire.net in this case) and includes in the
    request cookies from the site being tested.
    

Problem conclusion

  • Fixed in AppScan Standard 8.7
    

Temporary fix

Comments

APAR Information

  • APAR number

    PM83316

  • Reported component name

    SEC APPSCAN STD

  • Reported component ID

    5724T5900

  • Reported release

    860

  • Status

    CLOSED PER

  • PE

    NoPE

  • HIPER

    NoHIPER

  • Special Attention

    NoSpecatt

  • Submitted date

    2013-02-20

  • Closed date

    2013-03-27

  • Last modified date

    2013-03-27

  • APAR is sysrouted FROM one or more of the following:

  • APAR is sysrouted TO one or more of the following:

Fix information

  • Fixed component name

    SEC APPSCAN STD

  • Fixed component ID

    5724T5900

Applicable component levels

  • R860 PSN

       UP


Document Information

Modified date:
08 September 2020