New security checks
- 8.3 DOS filename source code disclosure
- Apache Tomcat Directory Host Appbase authentication bypass vulnerability
- Apache Tomcat WAR File directory traversal vulnerability
- Apache stronghold-info enabled
- Apache stronghold-status enabled
- ColdFusion 9 Solr Service exposed
- Error page path disclosure
- Error page web server version disclosure
- File inclusion RFI list
- Checks for multiple vulnerabilities in XAMPP
- Server-Side Includes (SSI) injection on Unix
- Server-Side Includes (SSI) injection on Windows
- ASP.NET error messages when requesting URL like |.aspx
Improvements
- Added more variants to FCKeditor arbitrary file upload
- Updated cross site scripting in path security checks
- Updated directory listing security checks
- Updated directory traversal on Unix security checks
- Updated file upload security checks
- Updated LDAP injection security checks
- Updated possible sensitive files security checks
- Updated XPath injection security checks
Bug Fixes
- Workaround for window.open used with NULL parameter
- Notify elements that they are unbidden
- Notify form if an input was removed
- Include select element values in submitted data
- Fixed: HttpProt was sending content length with CONNECT
- Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
- Fixed: Login sequence recorder was sending requests synchronously