New Features
- Added a test for XSS on Apache HTTP Server 413 error pages via a malformed HTTP method
- Added a test for Joomla! v3.2.1 SQL Injection
- Added a test looking for WEB-INF/web.xml backups (at directory level and at file level)
Improvements
- Limited the maximum number of variations from HTML forms
- Login Sequence Recorder will now skip recording automatic redirects
- Improved automatic in-session detection (Login Sequence Recorder)
- PHP AcuSensor - Added the ability to handle PHP5 Closures and improved handling of large data
- Improved ELMAH Information Disclosure script to cover default installation locations
- Improved ability to identify redirect variants in JavaScript code
- Improvements to the Backup File Tests
- Improvements to the Directory Traversal Tests
- Improvements to the File Inclusion Tests
- Added support for HSQL Error Messages
- Improvements to the Possible Sensitive Directories Tests
- Improvements to the Possible Sensitive Files Tests
- Improvements to the URL Redirection script
Bug Fixes
- Fixed a number of memory leaks
- Fixed an issue where invalidated sessions caused the scan to hang
- Fixed an issue that caused a scan from the crawler to execute all tests twice
- Fixed a crash in the Session Manager caused by invalid server dates
- URL finder regex hung on some basic inputs
- EOutOfMemory exceptions during the execution of scripts will not cause WVS to crash. The scan will be stopped when such an exception is encountered
- Fixed issue with false positives not being saved to disk when marked from the Vulnerability Information panel
- The "Ignore external scripts" feature in DeepScan was sometimes still processing external scripts