Tenable Web App Scanning Scanner 1.6.x Release Notes
The Tenable Web App Scanning Scanner automatically updates to new releases:
- Tenable Web App Scanning Cloud Scanner – Updated automatically by Tenable.
- Tenable Core + Tenable Web App Scanning Linked Scanner – Updated automatically by Tenable Core.
For information about the new features, improvements, and bug fixes included in each 1.6.x release, see:
Tenable Web App Scanning Scanner 1.6.1 (2020-09-16)
New Features and Improvements
Tenable Web App Scanning Scanner version 1.6.1 includes the following new features and improvements.
- New Attachment Added to Plugin 98007 (URI Blocked Due to Exclusion Rule)
Plugin 98007 (URI Blocked Due to Exclusion Rule) now includes an attachment with the list of all URLs that have been blocked.
Bug Fixes
Tenable Web App Scanning Scanner version 1.6.1 includes the following bug fixes.
| Bug Fixes | Defect ID |
|---|---|
| Scan time limit may not be honored under rare circumstances, leading scan to be aborted by Tenable Vulnerability Management platform | 01070195 |
| False positive detected for wildcard certificates on Plugin 112541 SSL/TLS Certificate Common Name Mismatch | 01088497 |
Tenable Web App Scanning Scanner 1.6.0 (2020-09-14)
New Features and Improvements
Tenable Web App Scanning Scanner version 1.6.0 includes the following new features and improvements.
- Exclusion List Support
The Tenable Web App Scanning Scanner will now use the exclusions defined in a Tenable Vulnerability Management user account to either prevent Tenable Web App Scanning scans from being started on excluded assets or to block any HTTP requests from being sent on assets identified during the scan.
Plugin 98007 (URI Blocked Due to Exclusion Rule) is now available whenever excluded assets have been identified.
- New Plugin 98061 (Cookies Collected)
The Tenable Web App Scanning Scanner now collects all cookies that could have been identified during the scan and provides them in the new plugin 98061 (Cookies Collected).
- New Plugins
- 98007 - URI Blocked Due to Exclusion Rule
- 98061 - Cookies Collected
- 112566 - Discount Rules for WooCommerce Plugin for WordPress < 2.1.0 Multiple Vulnerabilities
- 112573 - Quiz And Survey Master Plugin for WordPress < 7.0.1 Multiple Vulnerabilities
- 112574 - Newsletter Plugin for WordPress < 6.8.2 Multiple Vulnerabilities
- 112575 - WordPress YITH WooCommerce Ajax Product Filter plugin < 3.11.1
- 112576 - Comments wpDiscuz Plugin for WordPress 7.x < 7.0.5 Arbitrary File Upload
- 112577 - Icegram Email Subscribers & Newsletters Plugin for WordPress < 4.5.1 Multiple Vulnerabilities
- 112578 - GNU Bash Environment Variable Handling Code Injection (Shellshock) [CVE-2014-6271]
- 112579 - File Manager Plugin for WordPress 6.x < 6.9 Remote Code Execution
- 112580 - Apache 2.4.46
- 112581 - Joomla 3.9.21
- 112582:112593 - SharePoint Server July/August/September 2020
- Other Improvements
-
The Tenable Web App Scanning scanner now supports PCI Tenable Web App Scanning scans in preperation of PCI becoming available in the new Tenable Web App Scanning UI.
-
Bug Fixes
Tenable Web App Scanning Scanner version 1.6.0 includes the following bug fixes.
| Bug Fixes | Defect ID |
|---|---|
| False positive detected in plugin 98112 Cross-Site Request Forgery | 01070561 |
| False Positive detected in plugin 98098 Source Code Disclosure | 01072340 |