Support #13477
[SCP ID :##6644##] : Y2022 Web & Mobile Pen Test
| Status: | Work Completed-End life cycle | Start date: | April 10, 2023 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | Najmi Pasarudin | % Done: | 100% |
| Category: | - | Spent time: | - |
| Target version: | - | | |
Description
Hi,
Kindly attend below request:-
Reported issue:
1. Multiple TLS Vulnerabilities
2. Outdated Software
3. Insecure Cookie Configuration
Comment:
1. Need to upgrade Java. Issue is fixed in the new WebLogic server but please check the compatibility with the CAS server
2. Can update at application code but may have compatibility issues
3. Can update at application cod
History
#1 Updated by Najmi Pasarudin over 1 year ago
- Status changed from New - Begin Life Cycle to Development / Work In Progress
#2 Updated by Najmi Pasarudin over 1 year ago
- Status changed from Development / Work In Progress to System Integration Test
- % Done changed from 0 to 90
Patch given on 12/5/2023
1. Multiple TLS Vulnerabilities
   - Currently not possible because CAS server is using TLS1
2. Outdated Software
   - Fixes in patch 20230512
3. Improper HTTP Security Header (CSP)
   - Web server team needs to update httpd.conf or apache.conf
4. Insecure Cookie Configuration eCustody
   - Fixes in patch 20230512
5. General Information Disclosure
   - Web server team needs to update iPlanet setting
#3 Updated by Najmi Pasarudin 8 months ago
- Status changed from System Integration Test to Work Completed-End life cycle
- % Done changed from 90 to 100
Patch deployed on 14/06/2023 as per email titled: Y2022 Web & Mobile Pen Test