Tenable Vulnerability Management Platform Release Notes - December
Important Highlights from this Release
Tenable Web App Scanning Scanner 0.13.0, 0.14.0, 0.15.0
- 0.13.0
- Add "Localhost Target Not Allowed" scan note when local hosts are tried to be scanned
- Enhance "Target Unreachable" scan note with first action items to address this case
- Increase number of DOM interactions performed by scanner on each page
- Add URL used during login form authentication to list of URLs to be crawled
- 0.14.0
- New plugin 98035 - Login Form Authentication Succeeded
- Improved detection for plugin 98112 - Cross-Site Request Forgery
- 0.15.0
- OWASP Top 10 2017 Support
- Plugin 98035 "Login Form Succeeded" updated with information about session cookie created
Dashboard Analytics Export PNG
- The Export PNG capability allows users to share dashboard data to include a high resolution image in presentations and email
Bug Fixes
- Fixed vulnerabilities are now being filtered out of the scan results UI and exports by default
- The asset workbench now shows the correct asset count after an advanced filter is applied
- Assets that were incorrectly collapsed due to matching on an SSH fingerprint are now only matched and collapsed if there are corroborating identifiers
- Fixed an issue where scans may not completely process if a single asset had a large number of vulnerabilities split across multiple scan chunks
-
Tenable Web App Scanning- Fix aborted scan due to DOM parsing errors
-
Tenable Web App Scanning - Fix aborted scans when scan is scan time limit has been reached
-
Tenable Web App Scanning - Fix invalid link for plugin 98087 WebDav detection plugin
-
Tenable Web App Scanning - Fix scan error when headers contain non-UTF8 text
-
Tenable Web App Scanning - Fix scan parsing errors on invalid SELECT HTML elements
-
Tenable Web App Scanning - Do not start plugin 98112 - Cross-Site Request Forgery detection for unauthenticated scans
-
Tenable Web App Scanning- Fix uncaught network error leading Tenable Web App Scanning scanner to stop polling platforms for new jobs
Other
- Minimum limit for period of inactivity to automatically unlink agents has been lowered from 30 to 1 day.