Please can I log a new prioritised ticket relating to a vulnerability discovered today.

We are experiencing an issue whereby any users who are using desktop icons/links and have logged off from Service Desk Plus cannot log back on to the service.  We identified that our Palo Alto Firewalls had a software update and has discovered an historic/old vulnerability from 2005 (see link below)

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2006

It is therefore dropping/refusing any new connection attempts due to JBOS being used as its web server.  We need to close this vulnerability – are you able to support this?

Separately, we have since discovered an alternative link which works ok for our access to SD+ site (http://Servername:8080/HomePage.do?SkipNV2Filter=true) .  It appears to be that the web based form authentication method is failing, whereas the URL provided works fine.  We’re assuming that the SkipNV2Filter parameter on the end of the URL is a way to tell the webserver to skip the Web form and use the Windows credentials, thus bypassing any form authentication

Your awareness/support would be appreciated for this matter.

Please note, we have very limited control over our firewalls as these are 3^rd party managed by our parent company so it is very unlikely we’ll get permission to exclude/add this exception into existing firewall rules.

Please advise.

Current Version