Qualys WAS Engine 8.13 Released

John Delaroderie

Happy New Year. Over the busy holiday season, Qualys Web Application Scanning Engine 8.13 was released to all Qualys platforms, including private cloud platforms. This release is part of our ongoing effort to continuously improve the scanning engine in Qualys Web Application Scanning.

This update includes the following changes:

  • Improvements to QID 150114 (Arbitrary File Upload Vulnerability) detection methodology
  • Added banner checks to detect and report web technologies in QID 150247 (Information Disclosure)
  • Selenium execution reporting improvements
  • Out-of-band (OOB) OS command injection detection

Additionally, the following Information Gathered QIDs have been deprecated. These findings are now reported as severity 5 vulnerabilities:

  • 150058 – EOL/Obsolete Software: Adobe Flash Content Detected
  • 150345 – EOL/Obsolete Software: Apache Tomcat 6.0.x Detected
  • 150348 – EOL/Obsolete Software: Apache Tomcat 8.0.x Detected
  • 150350 – EOL/Obsolete Software: Apache Tomcat 7.0.x Detected

The new severity 5 vulnerabilities that have replaced the deprecated QIDs are:

  • 150357 – EOL/Obsolete Software: Apache Tomcat 6.0.x Detected
  • 150358 – EOL/Obsolete Software: Apache Tomcat 7.0.x Detected
  • 150359 – EOL/Obsolete Software: Apache Tomcat 8.0.x Detected
  • 150360 – EOL/Obsolete Software: Adobe Flash Content Detected

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help > Contact Support while logged into the platform. Feel free to post a question on Qualys Community as well.

Happy Scanning.
