10-Jul-2020

IMPROVEMENTS

• Added a highlight icon to the attack parameters on the vulnerability reports
• Added a report URL to the scheduled reports

FIXES

• Fixed a ObjectDisposedException that was occasionally thrown when the attacker started in manual proxy mode
• Fixed a NRE that occurred when exporting a report from a scheduled scan
• Fixed an issue caused when the login page identifier was disabled in the Scan Policy
• Fixed an issue where the Jira Send To Action failed to create an issue when the components field did not exist in the project
• Fixed the issue where the content type was not parsed correctly when there were multiple Content-type headers
• Fixed the issue where responses were not being analyzed in signature detection in the re-crawl phase.
• Fixed the list of enabled security checks on reports
• Changed the Sans Top 25 classification name to CWE on reports

NEW SECURITY CHECKS

• Added an F5 Big IP LFI (CVE-2020-5902) attack pattern
• Added out of date checks for Apache Traffic Server
• Added version disclosure for Undertow Server
• Added out of date checks for Undertow Server
• Added version disclosure for Jenkins
• Added out of date checks for Jenkins
• Added signature detection for Kestrel
• Added detection for Tableau Server
• Added detection for Bomgar Remote Support Software
• Added version disclosure for Apache Traffic Server