Archived: This topic has been archived. Information and links in this thread may no longer be available or relevant.
r0g3rp1
New member
Message 1 of 2

Quality Center

Microsoft Windows Server 2008 (64-bit)

Hi, we are currently running QC10 and are getting this after pen testing, and I would like to know if this can be fixed by upgrading to ALM12?

 

1.1.1        MEDIUM – Web Server Directory Traversal Arbitrary File Access

Observation:  The remote web server is affected by a directory traversal vulnerability.

Devices affected: 

XXX.XXX.XXX.XXX – TCP port 8083

Impact: It appears possible to read arbitrary files on the remote host outside the web server's document directory using a specially crafted URL. An unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks.

Recommendation:  Contact the vendor for an update, use a different product, or disable the service altogether.

 

1.1.2        MEDIUM – Multiple Server Crafted Request WEB-INF Directory Information Disclosure

Observation:  The remote web server is affected by an information disclosure vulnerability.

Devices affected: 

XXX.XXX.XXX.XXX – TCP port 8083

Impact: By making a specially-formatted request to the remote web server, it is possible to retrieve files located under the 'WEB-INF' directory.

Note that this vulnerability is known to affect the Win32 versions of multiple J2EE servlet containers / application servers.

Recommendation:  Contact the vendor for a patch.

 

Does anyone know if upgrading to QC 12 will fix this issue?

I think it's caused by JBOSS using port 8083 to connect to the webinf directory.

Dennis_Handly
Level 7
Message 2 of 2

This is the wrong company for Servers, Storage, Software, and Networking. Please use the Hewlett Packard Enterprise Community:
http://community.hpe.com/t5/Quality-Center-ALM-Practitioners/bd-p/itrc-895
