Archived: This topic has been archived. Information and links in this thread may no longer be available or relevant. If you have a question create a new topic by clicking here and select the appropriate board.
r0g3rp1
New member
Message 1 of 2

Quality Center

Microsoft Windows Server 2008 (64-bit)

Hi, we are currently running QC10 and are getting this after pen testing, and I would like to know if this can be fixed by upgrading to ALM12?

 

1.1.1        MEDIUM – Web Server Directory Traversal Arbitrary File Access

Observation:  The remote web server is affected by a directory traversal vulnerability.

Devices affected: 

XXX.XXX.XXX.XXX – TCP port 8083

Impact: It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.

Recommendation:  Contact the vendor for an update, use a different product, or disable the service altogether.

 

1.1.2        MEDIUM – Multiple Server Crafted Request WEB-INF Directory Information Disclosure

Observation:  The remote web server is affected by an information disclosure vulnerability.

Devices affected: 

XXX.XXX.XXX.XXX – TCP port 8083

Impact: By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the 'WEB-INF' directory.

Note that this vulnerability is known to affect the Win32 versions of multiple J2EE servlet containers / application servers.

Recommendation:  Contact the vendor for a patch.

 

Does anyone know if upgrading to QC 12 will fix this issue?

I think it's caused by JBOSS using port 8083 to connect to the webinf directory
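
A defender-side check for the two findings above, as an added example that is not part of the original post or of any HP tooling: it scans web access-log lines for requests that climb above the document root or name a WEB-INF directory, and marks the ones the server answered with HTTP 200. The log format, paths and addresses are constructed assumptions; adapt the regular expression to the format your server on port 8083 actually writes.

```python
import re
from urllib.parse import unquote

# Directories a servlet container must never serve directly.
PROTECTED = {"web-inf", "meta-inf"}
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[0-9.]+" (\d{3})')
# Constructed sample access-log lines (hypothetical paths and addresses).
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/index.jsp HTTP/1.1" 200 5120
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /..%2f..%2foutside.txt HTTP/1.1" 200 92
192.0.2.77 - - [01/Jan/2024:10:00:06 +0000] "GET /app/%252e%252e/%252e%252e/outside.txt HTTP/1.1" 404 0
192.0.2.77 - - [01/Jan/2024:10:00:07 +0000] "GET /app/Web-Inf/web.xml?x=1 HTTP/1.1" 200 2048
192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /app/images/../logo.png HTTP/1.1" 200 300
""".splitlines()

def decode_fully(path, rounds=3):
    """Percent-decode repeatedly so double-encoded sequences are exposed."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path.replace("\\", "/")  # Windows hosts accept either separator

def classify(target):
    """Return labels for a request target: 'traversal' and/or 'web-inf'."""
    labels, depth = set(), 0
    for seg in decode_fully(target.split("?", 1)[0]).split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            depth -= 1
            if depth < 0:  # climbed above the document root
                labels.add("traversal")
                depth = 0
        else:
            depth += 1
            if seg.lower() in PROTECTED:
                labels.add("web-inf")
    return labels

def scan(lines):
    """Return (target, labels, served) per suspicious request; served means HTTP 200."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and (labels := classify(m.group(1))):
            hits.append((m.group(1), sorted(labels), m.group(2) == "200"))
    return hits
```

Entries with `served` set to true are the ones to investigate first, since the server returned content for a path it should have refused.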

Dennis_Handly
Level 7
Message 2 of 2

This is the wrong company for Servers, Storage, Software, and Networking. Please use the Hewlett Packard Enterprise Community:
http://community.hpe.com/t5/Quality-Center-ALM-Practitioners/bd-p/itrc-895
