Tenable Web App Scanning Scanner 1.8.x Release Notes
The Tenable Web App Scanning Scanner automatically updates to new releases:
- Tenable Web App Scanning Cloud Scanner – Updated automatically by Tenable.
- Tenable Core + Tenable Web App Scanning Linked Scanner – Updated automatically by Tenable Core.
For information about the new features, improvements, and bug fixes included in each 1.8.x release, see:

New Features and Improvements
Tenable Web App ScanningScanner version 1.8.3 includes the following new features and improvements.
Bug Fixes
Tenable Web App Scanning Scanner version 1.8.3 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
Selenium authentication failure due to not visible select HTML elements | 01033292 |

New Features and Improvements
Tenable Web App Scanning Scanner version 1.8.0 includes the following new features and improvements.
- Server Side Template Injection Vulnerability Detection
Plugin 112614 (Server-Side Template Injection) is now available to report whenever this vulnerability is identified on a target.
- New REST API Detection Plugins
Plugins 112615 (Swagger File Detected) and 112616 (API Detected) are now available for REST API detection.
These plugins allow users to be notified when REST APIs are used by their web applications, and allow users to assess these APIs using the new Tenable Web App Scanning API scan template. - Expand Usage of Aborted Scan Status
For all scans launched from the new UI, all scans stopped by the scanner due authentication failures are now marked as Aborted instead of Completed to distinguish which scans have been successfully completed. This allows customers to quickly identify scans that need to be reviewed and updated so the scan can be conducted successfully.
- New Login Form Authentication Logic
New and enhanced logic for conducting Login Form authentication has been implemented, addressing potential failure cases where the submit() Javascript function does not actually trigger the form submission. The scanner now identifies any potential element (anchor, button, input, etc.) that could be used to submit the login form and interact with these elements before trying to directly submit the form. Plugin 98034 (Login Form Authentication Failed) now also includes additional information in debug mode to clarify the actions taken by the scanner during the form authentication.
- Improved Element Detection During Selenium Authentication
The Selenium authentication process now tests all possible locators specified in the Selenium script to identify the element to interact with. Previously, only the main locator was being used by the Tenable Web App Scanning scanner, which could lead to some authentication failures when the main locator fails to find the element.
- New Fonts Support
Added support for several new Asian fonts, ensuring the scanner is able to properly render web application pages and interact with elements.
- Chrome 85 Upgrade
The Chrome browser used by Tenable Web App Scanning scanner has been upgraded to version 85, to keep the scanner up-to-date and benefit from all changes introduced by this version. This also prevents potential issues with targets preventing access from outdated browser versions. Note that with this upgrade the default User-Agent header used by the WAS scanner has been updated to match the browser version:
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4158.0 Safari/537.36
- New Plugins
-
112617 - Loginizer Plugin for WordPress < 1.6.4 SQL Injection
-
112619 - W3 Total Cache Plugin for WordPress < 0.9.5 Server-Side Request Forgery
-
112620:112626 - Atlassian JIRA JRASERVER-69238 / JRASERVER-71536 / JRASERVER-67289 / JRASERVER-67290
-
112618 - File Manager Plugin for WordPress < 6.5
-
112616 - REST API Detected
-
112615 - Swagger File Detected
-
112614 - Server Side Template Injection
-
Bug Fixes
Tenable Web App ScanningScanner version 1.8.0 includes the following bug fixes.
Bug Fixes | Defect ID |
---|---|
Potential false positive for plugin 98097 Backdoor Detection | 01102018 |
False positive detected for plugin 98115 SQL Injection | 01096635 |
Login form identified failed when submitting login form | 01085182, 01086614, 01081382 |
False Positive detected for plugin 98649 Invalid Subresource Integrity | 01095125 |