Invicti Enterprise On-Demand 13 Oct 2021
This update includes changes to Internal Agents. The internal agent’s current version is 18.104.22.168.
- Added a new security check to identify version disclosure and out-of-date version for Atlassian Confluence CVE-2021-26084.
- Fixed a bug that results in missing HTTP headers of target URL when added with imported links.
- Fixed an issue that causes proof creation for SQL injection and Cross-site Scripting even if the proof generation is disabled.
- Fixed an issue that prevents cookie’s same site attribute from being updated which causes “same-site cookie is not implemented” vulnerability to be reported.
- Fixed a JSON Web Token (JWT) validation check that causes too many invalid token errors when using Bearer Authentication Tokens in the form authentication.
- Fixed an issue where host and path parameters in Postman collection were not imported when they are string instead of an array.
- Fixed a bug that returns 401 when the scanner sends HTTP headers in lowercase.
- Fixed a bug about cookie handling in the logout detection page during the form authentication verification.
- [INTERNAL AGENTS] Fixed a bug that results in slow response time from the web application to the agent that causes inconsistent vulnerability reports in the Blind SQL Injection.