Qualys WAS Engine 8.13 Released
Last updated on: January 6, 2022
Happy New Year. Over the busy holiday season, Qualys Web Application Scanning Engine 8.13 was released to all Qualys platforms including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.
This update includes the following changes:
- Improvements to QID 150114 (Arbitrary File Upload Vulnerability) detection methodology
- Added banner checks to detect and report web technologies in QID 150247 (Information Disclosure)
- Selenium execution reporting improvements
- Out-of-band (OOB) OS command injection detection
Additionally, the following Information Gathered QIDs have been deprecated. These findings are now reported as severity 5 vulnerabilities:
- 150058 – EOL/Obsolete Software: Adobe Flash Content Detected
- 150345 – EOL/Obsolete Software: Apache Tomcat 6.0.x Detected
- 150348 – EOL/Obsolete Software: Apache Tomcat 8.0.x Detected
- 150350 – EOL/Obsolete Software: Apache Tomcat 7.0.x Detected
The new severity 5 vulnerabilities that have replaced the deprecated QIDs are:
- 150357 – EOL/Obsolete Software: Apache Tomcat 6.0.x Detected
- 150358 – EOL/Obsolete Software: Apache Tomcat 7.0.x Detected
- 150359 – EOL/Obsolete Software: Apache Tomcat 8.0.x Detected
- 150360 – EOL/Obsolete Software: Adobe Flash Content Detected
As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.
Happy Scanning.