Issue Number | 3801 |
---|---|
Summary | Remediate CDR Admin Security Vulnerabilities |
Created | 2014-09-08 14:19:51 |
Issue Type | Task |
Submitted By | henryec |
Assigned To | Kline, Bob (NIH/NCI) [C] |
Status | Closed |
Resolved | 2014-09-09 09:09:03 |
Resolution | Duplicate |
Path | /home/bkline/backups/jira/ocecdr/issue.137605 |
The security folks periodically scan production systems for vulnerabilities. Looks like they scanned CDR Admin recently and found 49 HIGH vulnerabilities and 80 MEDIUM vulnerabilities.
We have 30 days to remediate the High vulnerabilities and 45 days to remediate the Medium vulnerabilities. If I did my math correctly (and I’ll have to verify if it is 30 weekdays vs calendar days), that puts us at 10/7 (for High) and 10/29 (for Medium) due dates.
Attaching copy of the app scan report.
Copying an email update from Bob on Wednesday, August 27, 2014 3:28 PM:
I've gone through the report, and it all boils down to needing to scrub our CGI parameters. I've attached a spreadsheet listing the scripts and high+medium vulnerabilities reported. The number of rows in my sheet is lower than the total they give for HIGH and MEDIUM vulnerabilities, because they have a bunch of repeats of the same vulnerability for the same script.
The bulk of the problems reported (and likely some problems they missed) can be eliminated by a change to a single line of code to clean up the session parameter. I've checked that change into trunk. For one script I'm recommending dropping the script, since it's no longer needed. For the rest we'll handle high and medium vulnerabilities in the same pass, as the solution for all of the problems is the same. For each script we touch during this exercise, we'll look for and fix any similar problems they might not have caught. I expect we'll be able to take care of the work in a couple of days.
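An illustration of the parameter-scrubbing approach described in the email above, added here as example code; it is not the CDR project's own fix and the ticket does not show that code. The session-ID alphabet, the document-ID format and the parameter names (`Session`, `DocId`, `Title`) are assumptions, and the two sample requests are constructed. The point it makes is the one in the email: a parameter with a known shape (the session token) is allow-list validated and rejected outright, rather than "cleaned", so a tampered value never reaches SQL or HTML, while free text that gets reflected is escaped on output.

```python
import html
import re

# Assumption (not from the ticket): the CDR session parameter is an opaque
# token from a small alphabet. The real CDR session format is not given here.
SESSION_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# Assumption: document IDs look like "CDR0000012345" or a bare integer.
DOC_ID_RE = re.compile(r"^(?:CDR)?\d{1,10}$")


class InvalidParameter(ValueError):
    """Raised when a CGI parameter fails allow-list validation."""


def scrub_session(value):
    """Allow-list check for the session parameter; anything else is rejected
    rather than 'cleaned', so a tampered value can never reach SQL or HTML."""
    if value is None:
        return None
    if not SESSION_RE.match(value):
        raise InvalidParameter("session")
    return value


def scrub_doc_id(value):
    """Normalise a document identifier to an int, rejecting anything that is
    not an ID, which closes off injection through the id parameter."""
    if value is None:
        return None
    if not DOC_ID_RE.match(value):
        raise InvalidParameter("id")
    return int(value[3:] if value.startswith("CDR") else value)


def scrub_text(value, max_len=256):
    """Free-text parameter that is reflected into HTML: drop non-printable
    characters, clamp the length and escape the rest for output."""
    if value is None:
        return ""
    printable = "".join(ch for ch in value if ch.isprintable())
    return html.escape(printable[:max_len], quote=True)


# One rule per accepted parameter; the order decides which failure is reported first.
RULES = {"Session": scrub_session, "DocId": scrub_doc_id, "Title": scrub_text}


def scrub_params(fields):
    """Apply the per-parameter rule to a dict of raw CGI values (a stand-in
    for cgi.FieldStorage). Unknown parameters are dropped, not passed through."""
    cleaned = {}
    for name, rule in RULES.items():
        cleaned[name] = rule(fields.get(name))
    return cleaned


def check_request(fields):
    """Return (ok, cleaned) on success or (False, offending_parameter) so a
    CGI script can bail out before touching the database or emitting HTML."""
    try:
        return True, scrub_params(fields)
    except InvalidParameter as exc:
        return False, str(exc)


# Constructed sample requests: one benign, one carrying the kinds of payloads
# a scanner sends (markup in Session, a SQL tautology in DocId).
BENIGN = {
    "Session": "guest-1234_AbC",
    "DocId": "CDR0000012345",
    "Title": 'O\'Reilly <b>"x"</b>',
}
HOSTILE = {
    "Session": 'abc"><script>alert(1)</script>',
    "DocId": "1 OR 1=1",
    "Title": "x",
}

if __name__ == "__main__":
    print(check_request(BENIGN))
    print(check_request(HOSTILE))
```

The design choice worth noting is that `scrub_session` never tries to repair a bad token: stripping or escaping characters out of an identifier still lets a scanner-style payload through in some encoding, whereas rejecting anything outside the expected shape is a single check that covers the injection, cross-site scripting and path-traversal findings at once, which is why one line can close most of a report like this one.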
Isn't this a duplicate of OCECDR-3800?
Hi Bob, I didn't realize you had already opened a ticket. (I had searched for a ticket, but didn't use the same key words!) I will close this ticket and mark it as a duplicate.
File Name | Posted | User |
---|---|---|
cdr detailed report.pdf | 2014-09-08 14:20:34 | |
cdr-security-issues-20140827.xlsx | 2014-09-08 14:22:56 | |