Aegis is vulnerable to Cross-site scripting vulnerabilities in its Web Console (NETIQKB71900)

  • 7771900
  • 29-Oct-2009
  • 02-Sep-2011

Environment

NetIQ Aegis 2.1

Situation

Aegis is vulnerable to Cross-site scripting vulnerabilities in its Web Console
Web Inspect determines that the NetIQ Aegis Web Operations Console has Cross-site scripting vulnerabilities.

Cookies that contain user logon IDs are persistent.

Resolution

This issue is corrected in Hotfix 71900 for the NetIQ Aegis Web Operations Console. Hotfix 71900 can be downloaded here.

Why Install This Hotfix?
This hotfix resolves a security issue in the Aegis Operations Console. Before you apply this hotfix, cookies that contain user logon IDs are persistent. After you apply this hotfix, you will be able to disable persistent cookies in the Web.Config file, typically located in C:\Program Files\NetIQ\Aegis\Website on the Web Server computer. To disable persistent cookies, close all instances of the Operations Console, and then set the UseCookies key to false.
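The UseCookies change described above, scripted as an added example (this is not NetIQ's own tooling). It assumes the key is an `<add key="UseCookies" .../>` element under `<appSettings>` in Web.Config, and that the hotfix is installed and all Operations Console instances are closed before it runs.

```powershell
# Added example, not part of the NetIQ hotfix: set UseCookies to false in the
# Aegis Operations Console Web.Config and verify the change.
# Assumption: the key lives at /configuration/appSettings/add[@key='UseCookies'];
# adjust the XPath if the hotfix places it elsewhere.
param(
    [string]$WebConfig = 'C:\Program Files\NetIQ\Aegis\Website\Web.Config'
)

$UseCookiesXPath = "/configuration/appSettings/add[@key='UseCookies']"

function Get-UseCookiesSetting {
    param([string]$Path)
    # Returns the current value of the key, or $null if the key is absent.
    [xml]$xml = Get-Content -LiteralPath $Path
    $node = $xml.SelectSingleNode($UseCookiesXPath)
    if ($null -eq $node) { return $null }
    return $node.GetAttribute('value')
}

function Disable-PersistentCookies {
    param([string]$Path)
    # Resolve to an absolute path: XmlDocument.Save uses the .NET working
    # directory, not the PowerShell location, for relative paths.
    $full = (Resolve-Path -LiteralPath $Path).Path

    # Keep a timestamped backup so the change can be reverted.
    $backup = "$full.$(Get-Date -Format 'yyyyMMddHHmmss').bak"
    Copy-Item -LiteralPath $full -Destination $backup

    [xml]$xml = Get-Content -LiteralPath $full
    $node = $xml.SelectSingleNode($UseCookiesXPath)
    if ($null -eq $node) {
        throw "UseCookies key not found in $full; is Hotfix 71900 installed?"
    }
    $node.SetAttribute('value', 'false')
    $xml.Save($full)
    return $backup
}

Write-Host "UseCookies before: $(Get-UseCookiesSetting -Path $WebConfig)"
$backupFile = Disable-PersistentCookies -Path $WebConfig
Write-Host "Backup written to: $backupFile"
Write-Host "UseCookies after:  $(Get-UseCookiesSetting -Path $WebConfig)"
```

Run it from an elevated PowerShell session on the Web Server computer; the Operations Console picks up the new value when it is next opened.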
Installing This Hotfix

Complete the following steps to install this hotfix.

  1. Log on to the Web Server computer with a local administrator account.
  2. Run the Aegis21_Hotfix71900.exe file.
  3. Follow the instructions in the wizard until you have finished installing the hotfix.
  4. The hotfix installation program automatically restarts the IIS Admin Service and its dependent services.

Cause

This is a known issue in the NetIQ Aegis 2.1 Web Operations Console.

Additional Information

Formerly known as NETIQKB71900

Modified Files

This hotfix modifies the following files in the C:\Program Files\NetIQ\Aegis\Website folder on the Web Server computer:

  • Initialization.aspx.cs
  • Web.Config
  • \bin\AegisWebConsole.dll (Build Number 2.1.2.128)
  • \bin\AegisWebConsole.pdb
  • \bin\NetIQ.Aegis.Web.dll (Build Number 2.1.2.128)
  • \bin\NetIQ.Aegis.Web.pdb
  • \Content\Forms\Login\Module.ascx.cs

This hotfix adds the following files to the C:\Program Files\NetIQ\Aegis\HotFixes\Aegis21_Hotfix71900 folder on the Web Server computer:

  • Aegis21_Hotfix71900.log
  • Aegis21_Readme71900.htm
  • Install.log
Contact Information

Please contact us with your questions and comments. We look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.