Invicti Enterprise On-Demand 13 Oct 2021

This update includes changes to Internal Agents. The internal agent’s current version is 2.0.2.125.

IMPROVEMENTS

  • Added a new security check to identify version disclosure and out-of-date versions for Atlassian Confluence (CVE-2021-26084).

FIXES

  • Fixed a bug that resulted in missing HTTP headers for the target URL when it was added with imported links.
  • Fixed an issue that caused proof creation for SQL injection and Cross-site Scripting even if proof generation was disabled.
  • Fixed an issue that prevented a cookie’s SameSite attribute from being updated, which caused the “same-site cookie is not implemented” vulnerability to be reported.
  • Fixed a JSON Web Token (JWT) validation check that caused too many invalid token errors when using Bearer Authentication Tokens in form authentication.
  • Fixed an issue where host and path parameters in a Postman collection were not imported when they were strings instead of arrays.
  • Fixed a bug that returned 401 when the scanner sent HTTP headers in lowercase.
  • Fixed a cookie handling bug in the logout detection page during form authentication verification.
  • [INTERNAL AGENTS] Fixed a bug that resulted in slow response times from the web application to the agent, causing inconsistent vulnerability reports for Blind SQL Injection.