Invicti Product Release Notes
10 Jul 2020
10-Jul-2020
IMPROVEMENTS
- Added a highlight icon to the attack parameters on the vulnerability reports
- Added a report URL to the scheduled reports
FIXES
- Fixed a ObjectDisposedException that was occasionally thrown when the attacker started in manual proxy mode
- Fixed a NRE that occurred when exporting a report from a scheduled scan
- Fixed an issue caused when the login page identifier was disabled in the Scan Policy
- Fixed an issue where the Jira Send To Action failed to create an issue when the components field did not exist in the project
- Fixed the issue where the content type was not parsed correctly when there were multiple Content-type headers
- Fixed the issue where responses were not being analyzed in signature detection in the re-crawl phase.
- Fixed the list of enabled security checks on reports
- Changed the Sans Top 25 classification name to CWE on reports
NEW SECURITY CHECKS
- Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
- Added out of date checks for Apache Traffic Server
- Added version disclosure for Undertow Server
- Added out of date checks for Undertow Server
- Added version disclosure for Jenkins
- Added out of date checks for Jenkins
- Added signature detection for Kestrel
- Added detection for Tableau Server
- Added detection for Bomgar Remote Support Software
- Added version disclosure for Apache Traffic Server