This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.
A web security application on the remote host is affected by an
unauthorized information disclosure vulnerability.
The version of HP WebInspect installed on the remote Windows host is
affected by an unauthorized information disclosure vulnerability due
to an XML external entity injection flaw that is triggered during the
parsing of XML data. A remote attacker can exploit this, via a
malicious website scanned by HP WebInspect, to read arbitrary system
See also :
Upgrade to HP WebInspect version 10.40.282.10 (10.4 Software Update
1) or later.
Note that HP has not yet made this update generally available via
SmartUpdate, and you must contact HP Support directly for the fix.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.4
Public Exploit Available : true