IBM Support

PM97332: AST 8.7.0.1: 'Scan is Incomplete' warning, User interaction needed, but Automatic Form Fill has the required values.

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • AST 8.7.0.1: 'Scan is Incomplete' warning. Listed as 'User
interaction is needed', but Automatic Form Fill has the
necessary values.

Involves the '__EVENTTARGET' and '__EVENTARGUMENT' parameters.

The reason they are not in the Automatic Form Fill (AFF) is that
they are excluded from it due to the Advanced Configuration:
'1910 Special patterns: Exclude from Automatic Form Fill ^CFID
__EVENTVALIDATION __VIEWSTATE ^CFTOKEN __EVENTARGUMENT
__EVENTTARGET ^BV_'

The problem is that AppScan ignores this setting during the
automatic explore.
When a URL containing these parameters is discovered during the
auto explore, AppScan finds that there are parameters with no
value (application specific) and no entry in the Automatic Form
Fill.

?input type='hidden' name='__EVENTTARGET' id='__EVENTTARGET'
value='' /?
?input type='hidden' name='__EVENTARGUMENT' id='__EVENTARGUMENT'
value='' /?

Therefore, AppScan reports 'Scan is Incomplete' and the URL is
listed in the 'User interaction needed' tab of the Application
Data view.

Workaround:
Add the 2 parameters with a blank value in Automatic Form Fill.

Local fix

  • 



Problem summary


    

  • ****************************************************************
* USERS AFFECTED:                                              *
****************************************************************
* PROBLEM DESCRIPTION:                                         *
****************************************************************
* RECOMMENDATION:                                              *
****************************************************************
AST 8.7.0.1: 'Scan is Incomplete' warning. Listed as "User
interaction is needed", but Automatic Form Fill has the
necessary values.

Involves the "__EVENTTARGET" and "__EVENTARGUMENT"
parameters.

The reason they are not in the Automatic Form Fill (AFF) is
that they are excluded from it due to the Advanced
Configuration:
"1910 Special patterns: Exclude from Automatic Form Fill
^CFID __EVENTVALIDATION __VIEWSTATE ^CFTOKEN __EVENTARGUMENT
__EVENTTARGET ^BV_"

The problem is that AppScan ignores this setting during the
automatic explore.
When a URL containing these parameters is discovered during
the auto explore, AppScan finds that there are parameters
with no value (application specific) and no entry in the
Automatic Form Fill.

?input type="hidden" name="__EVENTTARGET" id="__EVENTTARGET"
value="" /?
?input type="hidden" name="__EVENTARGUMENT"
id="__EVENTARGUMENT" value="" /?

Therefore, AppScan reports 'Scan is Incomplete' and the URL
is listed in the 'User interaction needed' tab of the
Application Data view.

    



Problem conclusion


    

  • Fixed in 9.0

    



Temporary fix


    

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    PM97332
    • 

  • Reported component name
    SEC APPSCAN STD
    • 

  • Reported component ID
    5724T5900
    • 

  • Reported release
    870
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt
    • 

  • Submitted date
    2013-09-18
    • 

  • Closed date
    2014-02-10
    • 

  • Last modified date
    2014-02-10
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    SEC APPSCAN STD
    • 

  • Fixed component ID
    5724T5900
    • 



Applicable component levels


    

  • R870  PSN
       UP
    • 








      
              
                            

              

              [{"Business Unit":{"code":null,"label":null},"Product":{"code":"SUPPORT","label":"IBM Worldwide Support"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"870","Edition":"","Line of Business":{"code":null,"label":null}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            08 September 2020
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback