000032536 - When trying to view, download or delete a ASR in RSA Via Lifecycle & Governance (L&G), the following error displays:  The request could not be handled

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000032536
Applies ToRSA Product Set:  Identity Management and Governance
RSA Product/Service Type:  Hosted
RSA Version/Condition:  7.0
Platform:  Linux
O/S Version:  Red Hat Enterprise Linux 6.x
Product Description:  Software Bundle
IssueWhen trying to download or view an ASR,the following error displays: 
 
Request Error
The request could not be handled.

The ../aveksa.ear/aveksa.war/log/aveksaServer.log shows errors such as:
ERROR (default task-103) [com.aveksa.gui.core.GuiFramework] Unsafe characters detected in URL parameters. Possible XSS attack.:
Login ID: abc123
Request: https://hostname.company.com:8443/aveksa/main?ReqType=Dialog&PageID=
DownloadSystemReportDialogData&BreadcrumbLevel=0&Action=New&SYSTEM_REPORT_NAME=COMPANY+DEVELOPMENT+7.0_Aveksa_
Statistics_Report.20160208.125051
Referrer: https://hostname.company.com:8443/aveksa/main?ReqType=GetPage&PageID=SystemDiagnosticsPageData&BreadcrumbLevel=0
Invalid string: SYSTEM_REPORT_NAME
com.aveksa.server.core.SecurityException: Unsafe characters detected in URL parameters. Possible XSS attack.
CauseAveksa 7.0 has additional protection against cross-site scripting (XSS) attacks as compared to previous versions.  
Navigate to System  >  Settings  >  Environment.  The Name value is blank by default.  If there is an entry in the field, certain special characters (including spaces) can cause problems during report generation.   The problems are not actually seen until downloading or viewing the report.
 
WorkaroundAs a workaround,
  1. Navigate to System > Settings and click Edit.  
  2. Under Environment, there is a field for Name:
  3. Either empty this field or use a name with no special characters or spaces. 
  4. Press OK.
Now generate the report again:
  1. Navigate to System > Diagnostics.
  2. Click Create Report.
  3. When done, select to view, download or delete the report.

Attachments

    Outcomes