Invicti Standard 16 Mar 2023 v23.3.0

Version information: 23.3.0.39944

New security checks

  • Added package.json Configuration File attack pattern.
  • Added new File Upload Injection pattern.
  • Added SSRF (Equinix) vulnerability.
  • Added Swagger user interface Out-of-Date vulnerability.
  • Added a file upload injection pattern.
  • Added StackPath CDN Identified vulnerability.
  • Added Insecure Usage of Version 1 GUID vulnerability.
  • Added JBoss Web Console JMX Invoker check.
  • Added Windows Server check.
  • Added Windows CE check.
  • Added Cloudflare Identified, Cloudflare Bot Management, Cloudflare Browser Insights, and cdnjs checks.
  • Added Varnish Version Disclosure vulnerability check.
  • Added Stack Trace Disclosure (Apache Shiro) vulnerability check.
  • Added Java Servlet Ouf-of-Date vulnerability check.
  • Added AEM Detected vulnerability check.
  • Added CDN Detected(JsDelivr) vulnerability check.

Improvements

  • Improved the scan compression algorithm to lower the size of the scan data.
  • Improved WS_FTP Log vulnerability test pattern.
  • Improved X-XSS-Protection Header Issue vulnerability template.
  • Improved MySQL Database Error Message attack pattern.
  • Improved XML External Entity Injection vulnerability test pattern.
  • Improved Forced Browsing List.
  • Added CWE classification for Insecure HTTP Usage.
  • Added GraphQL Attack Usage to existing test patterns by default.

Fixes

  • Fixed an issue that may cause out-of-memory when cloning callbacks of the browser.
  • Fixed the update issue in the Proof node in the Knowledge Base panel.