Addressing Qualys scan findings QID 11827 and QID 13162
Article ID: 131995
Updated On:
Products
CA Application Performance Management Agent (APM / Wily / Introscope)
INTROSCOPE
Issue/Introduction
The security team is reporting these two Qualys scan vulnerabilities. The #13162 is supposed to have been fixed in a previous patch. There is little info from Qualys about #11827.
QID Vulnerability
11827 HTTP Security Header Not Detected
13162 Session Cookie Does Not Contain the "Secure" Attribute
Environment
All supported releases.
Resolution
10.x.x.x:8081/ is a static page with the links to CEM and Webstart. One can see that these headers are available from the APM Customer Experience login page.
Practically, this page can't be exploited because there are no editable fields on the page to exploit/make vulnerable. So, this can be marked as false positive.
Practically, this page can't be exploited because there are no editable fields on the page to exploit/make vulnerable. So, this can be marked as false positive.
Feedback
Yes
No
Powered by
