
Security scanner false positive 10975 and 8788

SOLVED

Hi all,

I'm getting false positives for both SUPEE-10975 and SUPEE-8788. Both seem to rely on detecting "proxy signs" of not having these patches installed.

First one states "missing jQuery". I don't think missing jQuery is a bad thing :P But once you start optimizing, you might not serve "vanilla" routes to your resources. If this is the only "proxy" to verify a patch, please mark as "undetectable".

Same goes for 8788: it tries to rely on some css snippet.

The patches have been applied, store is running latest version available at the moment (at time of writing 1.9.4.1).

Why is this a bad thing?

Reporting false positives (without the possibility to mute a specific check) defeats the whole purpose of having security scans/alerts: they get ignored.

Is there anything I can do to improve, get in touch with the team, create a PR?

Kind regards!

10 REPLIES

Re: Security scanner false positive 10975 and 8788

@dna_tech

You can contact security@magento.com and provide the details. They will possibly look into it and get back to you in case of a false positive or if there is something else.

Problem solved? Please give 'Kudos' and accept 'Answer as Solution'.

- Tarandeep

Re: Security scanner false positive 10975 and 8788

Thank you for the suggestion. Even though last time I sent an email to that address I got no reply, I tried again. Until today I did not even get a confirmation of the email (it did not bounce - yet).

I'll give it a couple more days, but as you might imagine it did not solve my issue.

Thanks anyway!

Re: Security scanner false positive 10975 and 8788

Unfortunately nobody responded. Does anyone know how to get in touch with the team (other than email)?

Re: Security scanner false positive 10975 and 8788

Hi @dna_tech

I think @msavich may help you.

---
Problem solved? Click Accept as Solution! Magento Community India Forum

Re: Security scanner false positive 10975 and 8788

@dna_tech what is the store URL you are experiencing the problem with?

Re: Security scanner false positive 10975 and 8788

Since the answer has been answered in a private conversation, I'm accepting what led to the fix. The issue was two-fold: the first was indeed a false positive when using mod_pagespeed (has been fixed and confirmed), the latter was no false positive, but an error on my end. We removed the obsolete file and got rid of the alert.

Many thanks to @msavich for a swift response!

Re: Security scanner false positive 10975 and 8788

@msavich @dna_tech Just wondering what this file might have been. I am experiencing a false positive for my site also. For SUPEE-8788, but I am running 1.9.3. Your help is greatly appreciated! Thank you. 

Re: Security scanner false positive 10975 and 8788

Replied from the wrong account, removed....

Please reply to @msavich directly

Re: Security scanner false positive 10975 and 8788

Hello,

What is the store URL you have the problem with?