We need support and an explanation for vulnerability returning for your software with HP WebInspect.

Critical Security vulnerability found by HP WebInspect regarding input validation. Note, this is a critical security vulnerability that's currently prohibiting a customer-base Wiki application from deploying onto a NASA production server. Your quick response with explanation for vulnerability returning in your software or fix is required for further validation with NASA Information Assurance before they will allow production deployment of your software onto their servers.

Report states: The 'Authorization' HTTP header line must have at least 270 A's.

Demonstration Exploit: GET / HTTP/1.0 Authorization: Ax270.

Implication: A remote user can execute arbitrary code on the target system.

2 answers

0 votes

You'll need to take that up with your hosting provider or Atlassian.  We're just end users.  Atlassian are here, but they don't provide formal support here.

0 votes
Ann Worley Atlassian Team Aug 17, 2017

@Shawn, we provide support here for starter licenses. :)

I asked the security team how I could help with your security concern and they advised me to direct you to How to Report a Security Issue.

It would be great if you could follow up here in the Community when you get an answer, in case someone else has the same issue. 

Hi Ann, thanks for your suggestion. I have filed a security Issue here: https://securitysd.atlassian.net/servicedesk/customer/portal/2/SEC-1650

I tried to report a bug, as I thought that would be the quickest resolution, but I found I did not have permissions to submit a bug. So the link for reporting a Security issue was where I needed to go.

I will report back here on its success. Most likely it is not an actual vulnerability, but as it is a common security inspection tool flagging a vulnerability, we have to follow up. Thanks for your help,

Shawn
