Tenable Web App Scanning Scanner 1.12.x Release Notes

The Tenable Web App Scanning Scanner automatically updates to new releases:

Tenable Web App Scanning Cloud Scanner – Updated automatically by Tenable.
Tenable Core + Tenable Web App Scanning Linked Scanner – Updated automatically by Tenable Core.

For information about the new features, improvements, and bug fixes included in each 1.12.x release, see:

Tenable Web App Scanning Scanner 1.12.3 (2021-04-09)

Bug Fixes

Tenable Web App Scanning Scanner version 1.12.3 includes the following bug fixes.

Bug Fixes	Defect ID
Tenable Core Tenable Web App Scanning cannot delete aborted scans	01189629, 01192320

Tenable Web App Scanning Scanner 1.12.2 (2021-04-07)

New Features and Improvements

Tenable Web App Scanning Scanner version 1.12.2 includes the following new features and improvements.

New Plugins
- 112722:112723 - Security.txt File Detected
- 112724:112725 - Facebook Plugin for WordPress plugins
- 112726 - Apache Struts 2.3.5 - 2.3.31 / 2.5.x < 2.5.10.1 Jakarta Multipart Parser RCE
- 112727- Apache Struts 2 S2-057 Remote Code Execution
- 112728:112740 - Microsoft SharePoint vulnerabilities

Bug Fixes

Tenable Web App Scanning Scanner version 1.12.2 includes the following bug fixes.

Bug Fixes	Defect ID
HTTP Errors 401 shall not be included in Interesting Responses	01172839
Incorrect SharePoint Version Detection	01178691

Tenable Web App Scanning Scanner 1.12.1 (2021-03-24)

Bug Fixes

Tenable Web App Scanning Scanner version 1.12.1 includes the following bug fixes.

Bug Fixes	Defect ID
New scan_configuration reason in sitemap results to identify URLs excluded per scan scope settings	01172233
Fix processing of pages with no forms	01126687

Tenable Web App Scanning Scanner 1.12.0 (2021-03-23)

New Features and Improvements

Tenable Web App Scanning Scanner version 1.12.0 includes the following new features and improvements.

Request Count by Plugin
The number of HTTP requests sent by plugins using a plain HTTP client is now available in the plugins.csv attachment published by plugin 98000 (Scan Information).
Improved Selenium Success & Failures Cases
- Ensured that Scan Information and Target Information plugins are generated if authentication fails due to invalid scripts.
- Added support for selenium commands with the // prefix.
- Selenium command setWindowSize is now skipped if no size is provided in the command.
- The Command Execution Delay option is now used instead of the Page Rendering Delay option so that extra delays are not introduced after each selenium command is processed.
- When selenium is successful and debug mode is set, the scanner now includes the authentication process debug information as part of the plugin ouput.
- Updated cookie message when no cookies were set in the Selenium Authentication Succeeded plugin output.
- Improved handling of selenium close commands in selenium scripts.

Bug Fixes

Tenable Web App ScanningScanner version 1.11.0 includes the following bug fixes.

Bug Fixes	Defect ID
False positive for plugin ID 98097	01173917
False positive for plugin ID 98097	01175889
Unable to authenticate to site using Cookies with CAPTCHA	01178152
Selenium Authentication Failing	01130771
Potential False Positives for Plugins 98063, 98064, 115540	01123157
Long overview scan	01054985
SharePoint Incorrect Version Detected	01178691
Selenium authentication failed with unknown error	01179266
Vulnerabilities detected on redirected pages	01172235
Login Form Authentication failure	01167297
Errors generated due to anti-CSRF token	01093964