New Vulnerability checks
- New test for Apache Solr XXE (CVE-2017-12629)
- New test for RCE in Spring Security OAuth (CVE-2016-4977)
- New test for Apache mod_jk access control bypass (CVE-2018-11759)
- New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)
- New test for ACME mini_httpd (web server) arbitrary file read (CVE-2018-18778)
- New test for OSGi Management Console Default Credentials
- New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641)
- New test for common misconfigurations in ColdFusion
- New test for AMF Deserialization RCE in ColdFusion (CVE-2017-3066)
- New test for JNDI injection in ColdFusion (CVE-2018-15957)
- New test for unauthenticated File uploading in ColdFusion (CVE-2018-15961)
- New WordPress / WordPress plugin vulnerability checks
Updates
- Improved the injection of payloads and other improvements in the handling of JSON data
- Updated Chromium to fix Chromium vulnerability
- Improved web application detection
Fixes
- Corrected LSR launch message for Linux installations
- Fixed Update License issue on Internet Explorer
- Fixed several memory leaks/scanner closing unexpectedly
- Fixed issue affecting the processing of some content types
- Some cookies were being added multiple times during the scan
- Some redirects were not being correctly handled
- Some requests generated by the scanner incorrectly contained two backslashes ('//')
- Fixed issue in the Backup Folders checks going out of scope
- Several minor fixes