Educause Security Discussion mailing list archives
Re: HP's WebInspect
From: Dave Ferguson <gmdavef () GMAIL COM>
Date: Mon, 10 Aug 2009 22:00:11 -0500
Stephen, Very recently I ran into the same error you did in the WI report generator. I noticed the error occurred only for the "Vulnerability (Classic)" report. So for the critical findings, I ran the "Vulnerability Summary" report instead. The report is not as good, but at least its a workaround. I didn't have time or patience to deal with HP so I never actually reported the problem. Dave F. On Fri, Aug 7, 2009 at 12:12 PM, Bradley, Stephen W. Mr. < bradlesw () muohio edu> wrote:
Amazingly enough within ten minutes of posting this message I got a call from HP. They said that their latest version of WI has a serious out of memory problem in addition to our problem and that they are trying to get it fixed and released to the users. We will see. ------------------------------ *From:* Morrow Long [mailto:morrow.long () yale edu] *Sent:* Friday, August 07, 2009 1:08 PM *To:* The EDUCAUSE Security Constituent Group Listserv *Subject:* Re: [SECURITY] HP's WebInspect We purchased it (a single copy) in June and have recently brought it up. We've had a few problems with the license manager and license key as well as getting a response from HP (who only recently acquired the product from SPI Dynamics). I'll forward your message on to our staff member working on HP WebInspect. - Morrow On Aug 7, 2009, at 11:35 AM, Bradley, Stephen W. Mr. wrote: Has anyone else had problems with HP’s WebInspect lately or for that matter their customer support in general? We have had WI for several years now and have a paid up maintenance contract and are receiving little to no response on a problem that cropped up after an update almost 7 weeks ago. The problem is with the reporting function in version 8.0.625.1. We can run the scans but if you select a report that has critical vulnerabilities in it the report generator crashes with invalid characters. We have been told several stories so far about the problem and although they seem to be plausible stories it doesn’t look like they are working to fix any of them. The front runner in causes is that they hash the IP address in the scan data and that some of the hashes produce characters that cause the report generation of the software to crash. Sounds good and they can duplicate the problem at will and they have other sites with the same problem so how hard can it be to fix it. At this point we have what amounts to a very expensive piece of software that produces no useful information Thanks steve Stephen W. Bradley SSCP GCIH GCFA CISSP Network Security Specialist Miami University Security Engineering Business & Infrastructure Services 513-529-8129 bradlesw () muohio edu
Current thread:
- HP's WebInspect Bradley, Stephen W. Mr. (Aug 07)
- <Possible follow-ups>
- Re: HP's WebInspect Dave Kovarik (Aug 07)
- Re: HP's WebInspect Morrow Long (Aug 07)
- Re: HP's WebInspect Bradley, Stephen W. Mr. (Aug 07)
- Re: HP's WebInspect Dave Ferguson (Aug 10)
- Re: HP's WebInspect Dean De Beer (Aug 11)