Qualys WAS Engine 8.12 Released

John Delaroderie

Qualys Web Application Scanning Engine 8.11 has been released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.

This update includes the following changes:

  • Mulit-threading improvements to WebCGI test phase
  • Added support for various HTML 5 input types
  • Added support for Re-Authentication for Selenium scripts and standard form based authentication1
  • Postman Collection improvements to use Cookies in global variables
  • Improvements to PRSSI to avoid reporting on internal Selenium CSS pages
  • New QIDs:
    • 150361 Atlassian Jira IDOR Disclosure of Private Project Titles (CVE-2020-14174)
    • 150363 Atlassian Jira – Project enumeration via Jira Projects plugin report page
    • 150364 Keycloak SSRF – CVE-2020-10770
    • 150365 Atlassian Jira Server – Mobile site reveals the summary titles of privately linked tickets (CVE-2020-36235)
    • 150368 Atlassian Confluence Server WebWork OGNL Injection Remote Code Execution Vulnerability (CVE-2021-26084)
    • 150369 Atlassian Confluence Server Pre-Authorization Arbitrary File Read Vulnerability (CVE-2021-26085)
    • 150370 Atlassian Jira Server – Custom field options are exposed via an unauthenticated REST API endpoint – (CVE-2020-36237)
    • 150371 Atlassian Jira Server and Data Center Arbitrary File Read (CVE-2021-26086)
    • 150373 Apache HTTP Server Remote Code Execution (CVE-2021-41773)
    • 150374 Apache HTTP Server Multiple Vulnerabilities (CVE-2021-42013)
    • 150376 Atlassian Jira Server Board metadata is viewable without permissions via IDOR (CVE-2020-36231)
    • 150377 Eclipse Jetty Sensitive File Disclosure (CVE-2021-28164)
    • 150378 WordPress Woocommerce status of arbitrary orders enumeration (CVE-2020-29156)
    • 150379 Atlassian Jira Server Improper authorization (CVE-2020-4029)
    • 154087 Joomla! Core – CSRF and User Enumeration Vulnerability
    • 154089 Drupal Core Critical Remote Code Execution Vulnerability (SA-CORE-2020-01
    • 154101 Drupal Core Arbitrary Code Execution Vulnerability (SA-CORE-2020-013)

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.

Happy Scanning.

  1. This feature is not on by default for all customers. Please contact your TAM for additional information.
Share your Comments

Comments

Your email address will not be published. Required fields are marked *