New Vulnerability Checks
- New test for Joomla! Core CSV Injection vulnerability check [CVE-2019-12765]
- New test for Joomla! Core XSS vulnerability check (CVE-2019-12766)
- New test for Joomla! Core Security bypass (CVE-2019-12764)
- New test for Oracle Weblogic XXE (CVE-2019-2647)
- Added the detection of CDNs
- Added the detection of reverse proxies
Updates
- Auto-Login is now using the LSR functionality - this will improve auto-login in general
- Improved detection of DOM XSS
- Improved handling of invalid Selenium scripts
- Improved handling of email addresses fields in web forms
- Improved parsing of WSDL files
- Implemented support for Proxy-Authenticate header
- Improved crawling of Spring-based web applications
- Updated LSR to automatically dismiss modal dialogs during playback
- Reduced false positives in checks looking for sensitive and backup files
- Reduced false positives in SSN number detection
- Reduced false positives in XSS in URIs
- Improved the detection of WAFs
- LSR can now record actions within <iframe> elements
- Jira Issue Tracker integration now supports HTTP Authentication with API key
Fixes
- Fixed a crash when parsing SOAP messages
- Fixed issue in interpretation of some Selenium scripts
- Fixed a number of broken links in the Vulnerability Alerts
- Autologin was recording the password in the log file
- Fixed crash caused when reading specific swagger files
- Fixed crash caused when reading specific large files
- Fixed issue causing the scanner to go into a loop
- Fixed issue causing crawler to not interpret correctly certain locations in JavaScript
- Fixed issue in Manual Intervention
- Fixed issue affecting sites using euc-kr encoding
- Fixed Chromium issue caused when window.chrome is used by the site
- Fixed issue causing Chromium not to load on Kali Linux
- Fixed LSR playback issue caused when input field contained predefined text
- SRI not implemented was being reported multiple times per host