Tenable Vulnerability Management Platform Release Notes - December

Important Highlights from this Release

Tenable Web App Scanning Scanner 0.13.0, 0.14.0, 0.15.0

  • 0.13.0
    • Add "Localhost Target Not Allowed" scan note when a scan of a local host is attempted
    • Enhance "Target Unreachable" scan note with first action items to address this case
    • Increase number of DOM interactions performed by scanner on each page
    • Add URL used during login form authentication to list of URLs to be crawled
  • 0.14.0
    • New plugin 98035 - Login Form Authentication Succeeded
    • Improved detection for plugin 98112 - Cross-Site Request Forgery
  • 0.15.0
    • OWASP Top 10 2017 Support
    • Plugin 98035 "Login Form Succeeded" updated with information about the session cookie created

Dashboard Analytics Export PNG

  • The Export PNG capability allows users to share dashboard data by including a high-resolution image in presentations and email

Bug Fixes

  • Fixed vulnerabilities are now being filtered out of the scan results UI and exports by default
  • The asset workbench now shows the correct asset count after an advanced filter is applied
  • Assets that were incorrectly collapsed due to matching on an SSH fingerprint are now only matched and collapsed if there are corroborating identifiers
  • Fixed an issue where scans may not completely process if a single asset had a large number of vulnerabilities split across multiple scan chunks
  • Tenable Web App Scanning - Fix aborted scan due to DOM parsing errors
  • Tenable Web App Scanning - Fix aborted scans when the scan time limit has been reached
  • Tenable Web App Scanning - Fix invalid link for plugin 98087 WebDav detection plugin
  • Tenable Web App Scanning - Fix scan error when headers contain non-UTF8 text
  • Tenable Web App Scanning - Fix scan parsing errors on invalid SELECT HTML elements
  • Tenable Web App Scanning - Do not start plugin 98112 - Cross-Site Request Forgery detection for unauthenticated scans
  • Tenable Web App Scanning - Fix uncaught network error leading Tenable Web App Scanning scanner to stop polling platforms for new jobs

Other

  • Minimum limit for period of inactivity to automatically unlink agents has been lowered from 30 to 1 day.