Tenable Web App Scanning Scanner 1.10.x Release Notes
Tenable Web App Scanning automatically updates to new releases:
- Tenable Web App Scanning Cloud Scanner – Updated automatically by Tenable.
- Tenable Core + Tenable Web App Scanning Linked Scanner – Updated automatically by Tenable Core.
For information about the new features, improvements, and bug fixes included in each 1.10.x release, see:

New Features and Improvements
Tenable Web App Scanning Scanner version 1.10.5 includes the following new features and improvements.
- OpenAPI file support was updated to support the externalDocs property.
Bug Fixes
Tenable Web App Scanning Scanner version 1.10.5 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
SSL/TLS Certificate Common Name Mismatch False Positive | 01156805 |
OpenAPI file with externalDocs cannot be processed | 01171209 |
Aborted scan due to large vulnerability payload | 01170604 |

Bug Fixes
Tenable Web App Scanning Scanner version 1.10.3 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
Curl upgrade on Tenable Web App Scanning scanner hosts | N/A |

Bug Fixes
Tenable Web App Scanning Scanner version 1.10.3 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
Curl library upgrade to address potential segmentation faults | N/A |

Bug Fixes
Tenable Web App Scanning Scanner version 1.10.2 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
DOM Element Exclusion plugin failed to be reported in scans | N/A |
DOM Element Exclusion plugin output updates | N/A |

Bug Fixes
Tenable Web App Scanning Scanner version 1.10.1 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
Addressed DOM Element Exclusion logic error during DOM exploration | N/A |
Addressed Magento Log File Detected plugin detection logic | N/A |

New Features and Improvements
Tenable Web App Scanning Scanner version 1.10.0 includes the following new features and improvements.
- DOM Element Exclusion
Engine support for an upcoming new feature has been implemented that will allow users to specify a list of DOM elements to not interact with. This functionality can be used in various cases, like preventing the scanner from clicking a Logout button or from interacting with buttons that could trigger workflows not desired during the target assessment.
- Frame Support in Authentication
Added enhanced support for frame and iframe elements during authentication. The Tenable Web App Scanning scanner is now able to interact with login forms and detect the login authentication patterns within any frame on the page. This enhanced feature facilitates the configuration of authentication for sites relying on frames.
- DNS Resolution Retry Mechanism
Sometimes a web application may return the same header multiple times in the HTTP responses. The engine introduced in this new scanner version provides a simple way for plugins to get access to either all or just the first header returned by the application to prevent processing of unexpected formats.
- Improved Unicode Support for Web sockets
Support of UTF-8 contents in web sockets has been added.
- New Plugins
  - 98111 - DOM Elements Excluded
  - 112672 - Easy WP SMTP Plugin for WordPress < 1.4.3 Debug Log Disclosure
  - 112673 - Resin < 4.0.40 Incorrect Unicode Transformations
  - 112674 - Joomla! 3.x < 3.9.24 Multiple Vulnerabilities
  - 112675 - Contact Form 7 Plugin for WordPress < 5.3.2 Arbitrary File Upload
  - 112676 - Apache Tomcat 7.0.x < 7.0.107 Information Disclosure
  - 112677 - PHP 8.x < 8.0.1 Input Validation Error
  - 112678 - PHP 7.4.x < 7.4.14 Input Validation Error
  - 112679 - PHP 7.3.x < 7.3.26 Input Validation Error
  - 112680 - Drupal 9.1.x < 9.1.3 Third-Party Library Vulnerability
  - 112681 - Drupal 9.0.x < 9.0.11 Third-Party Library Vulnerability
  - 112682 - Drupal 8.9.x < 8.9.13 Third-Party Library Vulnerability
  - 112683 - Drupal 7.x < 7.78 Third-Party Library Vulnerability
- Other Improvements
  - Introduced the possibility to define a priority for HTTP requests, to ensure that these are moved to the top of the queue of requests to send. This allows faster plugin completion when plugins need to perform some additional requests to verify the existence of a vulnerability before actually publishing it.
  - The browser component has been improved to automatically detect JavaScript errors raised by the browser when communicating with the web application, preventing plugin processing from being aborted due to these errors.
  - The output of all Selenium plugins has been updated to start command numbering at 1 instead of 0.
  - The Scan Time Limit Reached note contents have been updated for PCI scans to take into account that users cannot update the scan time limit.