tracker issue : CF-4166822

Title:

(Update 2) security analyzer does not detect xss and csrf (Japanese Ver.)


Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Shigeyoshi Muraoka / Shigeyoshi Muraoka (Muraoka Shigeyoshi)

Created: 06/22/2016

Components: Security Analyzer

Versions: 2016

Failure Type:

Found In Build/Fixed In Build: CFB2016_Update2 /

Priority/Frequency: Major / Most users will encounter

Locale/System: Japanese / Win 2008 Server R2

Vote Count: 0

Problem Description:

After applying ColdFusion Builder update 2, security analyzer does not detect xss and csrf.

The issue occurs only if security analyzer connects to Japanese ColdFusion 2016 Enterprise (with upd2 applied).
So the cause seems to exist in Japanese ColdFusion 2016.


Steps to Reproduce:

Select Japanese CF2016 as Servers in ColdFusion Server Settings of Properties for [CF Project], and run security analyzer.


Actual Result:
result_security_analyzer.gif

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4166822

Build Regressed:	2016.0.3.300301

External Customer Info:
External Company:  
External Customer Name: Muraoka Shigeyoshi
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

  1. June 22, 2016 00:00:00: 1_result_of_security_analyzer.zip

Comments:

Verified in Update 2. The issue is valid and I can reproduce the same. XSS, HTML to PDF XSS and CSRF attacks are not getting detected.
Comment by Arpit G.
2333 | June 28, 2016 01:22:21 AM GMT
Fixed in build 300301.
Comment by Arpit G.
2334 | September 27, 2016 01:23:41 AM GMT