Appended .old for the entire URL (191 Views)
Occasional Visitor
sravank28
Posts: 1
Registered: 02-13-2014
Message 1 of 2 (191 Views)

Appended .old for the entire URL


Hi,

We have an Enterprise application which has been developed with J2EE technologies. When we ran the WebInspect scan for our application, it reported a few high issues, which are mentioned below:

Backup File (Appended .old) ( 709 ) View Description
CWE: 200
Kingdom: Environment
Page: https://localhost:9999/webapp/strutsactionname.action.old

I searched the entire webroot directory; I don't see any .old files there.

I need to know how to fix this, as the suggestion from the report says there could be some .bak or .old files there which need to be cleaned up, but in my case I have verified that I don't see any .bak or .old files.

I am more confused, as .old has been appended to the entire URL; a file like the one mentioned above can never exist in my application.

Please help me in this regard.

Respected Contributor
HansEnders
Posts: 613
Registered: 07-01-2008
Message 2 of 2 (154 Views)

Re: Appended .old for the entire URL

sravank28;

This is one of a series of simplistic checks that either append or replace the file extension seen during the Crawl in the hopes that it could come across left-over or back-up files. Typically a StatusCode of 200 OK indicates success. I suspect your particular page responded with something other than 404 and that is why it was flagged with this vulnerability.

If you investigate the X-Memo headers that WebInspect added to the HTTP Request, it may help you back-track the originating page/session. The Steps details can also help provide this information. Based on your description and effort, you can probably mark this as a False Positive using the right-click menu to access that in the Vulnerabilities pane, or after opening the Review Vulnerability feature from that same right-click menu. On subsequent scans you can Import these False Positives during the Scan Wizard or after the scan completes in order to filter out this issue.

However, you may also want to try loading this page and similar ones in your browser and/or the HTTP Editor tool to understand what sort of responses the server is providing.
-- Habeas Data
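To triage a finding like this locally, the append-extension check the reply describes can be repeated against one crawled URL and the answer compared with what the server returns for a path that cannot exist. This is an added example, not code from the thread or from WebInspect: `http_fetch` is a plain urllib fetch for real use, while `fake_fetch`, `_ROUTES` and the URLs (including the `.action.old` path from the question) are constructed stand-ins so the script runs offline and shows a soft-404 false positive next to a genuine leftover file.

```python
from difflib import SequenceMatcher
import urllib.error
import urllib.request

BACKUP_SUFFIXES = (".old", ".bak")

def http_fetch(url, timeout=10):
    """Real HTTP fetch: returns (status, body); non-2xx is returned, not raised."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.status, r.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode("utf-8", "replace")

# Constructed stand-in for the target so the example runs offline: an app that
# answers every unknown path with 200 and its own error page, plus one real backup.
_SOFT_404 = "<html><body>No such action</body></html>"
_ROUTES = {
    "/webapp/strutsactionname.action": (200, "<html>Login form</html>"),
    "/webapp/config.jsp": (200, "<html>Config page</html>"),
    "/webapp/config.jsp.bak": (200, "<%@ page %> db_url=jdbc:h2:mem:app (leftover)"),
}

def fake_fetch(url):
    """Constructed stub with the same (status, body) contract as http_fetch."""
    path = "/" + url.split("://", 1)[-1].split("/", 1)[1]
    return _ROUTES.get(path, (200, _SOFT_404))

def _same_page(a, b):
    return SequenceMatcher(None, a, b).ratio() >= 0.9

def triage_backup_probe(url, fetch=http_fetch):
    """Repeat the scanner's append-extension check on one crawled URL and
    classify each result as not_found, soft_404, same_as_original or
    possible_backup (only the last one needs a human to look at it)."""
    base_status, base_body = fetch(url)
    # A 200 for a path that cannot exist is the soft-404 behaviour that trips
    # the scanner's "200 OK = success" rule; learn it once per URL.
    nf_status, nf_body = fetch(url.rpartition("/")[0] + "/no-such-file-7f3a9c.xyz")
    verdicts = {}
    for suffix in BACKUP_SUFFIXES:
        status, body = fetch(url + suffix)
        if status == 404:
            verdicts[suffix] = "not_found"            # nothing to fix
        elif status == nf_status and _same_page(body, nf_body):
            verdicts[suffix] = "soft_404"             # false positive
        elif status == base_status and _same_page(body, base_body):
            verdicts[suffix] = "same_as_original"     # mapping quirk, no new data
        else:
            verdicts[suffix] = "possible_backup"      # review the body by hand
    return verdicts
```

Against a real host, pass no `fetch` argument (or your own client) and feed it the URLs from the scanner's Steps details; a `possible_backup` verdict is the only one that warrants a file-system check rather than a False Positive mark.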