Release Notes

Invicti Standard

11-Feb-2021

IMPROVEMENTS

  • Added IAST suffix to titles of vulnerabilities identified by Invicti Shark

FIXES

  • Fixed the issue that custom fields were removed when a vulnerability was cached
  • Fixed a typo in the Invicti Shark dialog
  • Fixed the issue that Invicti Shark responses were reported as comments in the Knowledge Base
  • Fixed the issue that Invicti Shark engines were not enabled on old scan policies
  • Fixed renaming default scan profile while using the Invicti Shark configuration with test websites
  • Fixed setting explicit logout URL from the authentication verification dialog
  • Fixed an NRE that occurred while opening the Invicti Enterprise options panel in Invicti Standard
11-Apr-2016

FIXES

  • Fixed an exception that happens when reordering form values.
  • Fixed the hidden URL text box on custom URL rewrite settings.
  • Fixed the clipped automatic update notification label.
10-Jul-2020

IMPROVEMENTS

  • Added a highlight icon to the attack parameters on the vulnerability reports
  • Added a report URL to the scheduled reports

FIXES

  • Fixed an ObjectDisposedException that was occasionally thrown when the attacker started in manual proxy mode
  • Fixed an NRE that occurred when exporting a report from a scheduled scan
  • Fixed an issue caused when the login page identifier was disabled in the Scan Policy
  • Fixed an issue where the Jira Send To Action failed to create an issue when the components field did not exist in the project
  • Fixed the issue where the content type was not parsed correctly when there were multiple Content-type headers
  • Fixed the issue where responses were not being analyzed in signature detection in the re-crawl phase.
  • Fixed the list of enabled security checks on reports
  • Changed the SANS Top 25 classification name to CWE on reports

NEW SECURITY CHECKS

  • Added an F5 BIG-IP LFI (CVE-2020-5902) attack pattern
  • Added out-of-date checks for Apache Traffic Server
  • Added version disclosure for Undertow Server
  • Added out-of-date checks for Undertow Server
  • Added version disclosure for Jenkins
  • Added out-of-date checks for Jenkins
  • Added signature detection for Kestrel
  • Added detection for Tableau Server
  • Added detection for Bomgar Remote Support Software
  • Added version disclosure for Apache Traffic Server
1-Nov-2019

FIXES

  • Fixed a NullReferenceException that was occasionally thrown during authentication verification
  • Fixed a NullReferenceException that was occasionally thrown when a sitemap link was selected
  • Fixed wrong tooltips that were shown on footer severity icons
  • Fixed an application lock when the UI language was changed during a scan
  • Fixed chunked encoding handling in the internal proxy
  • Fixed a deadlock that was occasionally happening during policy optimization
1-Nov-2016

New Technical Check

  • Added "Cookie Header Contains Multiple Cookies" check

Improvements

  • Improved the Content Security Policy (CSP) and "Misconfigured Access-Control-Allow-Origin Header" vulnerability templates.
  • Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
  • Team Foundation Server Send To action now populates severity and repro steps fields.
  • Improved report generation dialog by remembering the last used settings separately for each report type.
  • Added "Copy as cURL" context menu item to site map.
  • Added support for HTTP POST method while using Open in Browser site map context menu option.
  • Added support for attacking the User-Agent and Referer request headers.
  • Improved scan session export dialog by suggesting default file names.
  • Improved the coverage of the boolean SQL injection vulnerability engine.
  • Improved the GitHub Send To configuration by checking the existence of the specified repository.

Fixes

  • Fixed various encoding issues on request builder.
  • Fixed the issue where the splash screen opened on the wrong monitor on multi-monitor setups.
  • Fixed External CSS, Script and Frame knowledge base items which did not consider the port while performing checks.
  • Fixed the missing method values on vulnerability summary table of reports.
  • Fixed the missing dashboard statistics when a scan session is imported.
  • Fixed the site map Copy URL issue for some nodes which were missing URL information.
  • Fixed a hang that may occur when Windows gets locked, goes to sleep, or hibernates.
  • Fixed an issue with auto save where the scan was not saved during the extra confirmation phase.
  • Fixed an issue in open redirect detection where incorrect URLs may also be reported.
  • Fixed the zero progress bar issue on loaded scan files.
  • Fixed various CSP vulnerability highlight issues.
  • Fixed an issue related to form authentication which prevented logout detection during the attacking phase.
  • Fixed an issue related to temp file generation.
  • Fixed a Local File Inclusion vulnerability detection issue when attacked with a FullUrl payload.
  • Fixed an extra tab on Scanned URLs List (CSV) report template.
  • Fixed the size of scan policy editor dialog on screens with high DPI.
  • Fixed the incorrect severity icon on site map when a vulnerability is selected.
  • Fixed an incorrect retest result that occurred when the target website was not reachable.
  • Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.
  • Fixed the remaining registry keys after uninstall.