Security Vulnerability Test - Software Updates (July 2018 - v12)

30th July 2018

As part of our security commitment, our Service Desk team conducts monthly web vulnerability scans of our platforms with the capability to detect over 4,500 web vulnerabilities using a DeepScan crawler, grey-box vulnerability testing and out-of-band vulnerability testing. 

Version 12 (build 12.0.180725167) has been released. This massive new build adds detection for vulnerabilities in Cisco ASA, Apache Tomcat, Atlassian Jira, Spring, JBoss and misconfigured nginx installations. The new build also includes HTTP responses in the vulnerability alerts, re-introduces manual intervention in the Login Sequence Recorder, and brings a good number of additional updates and fixes. Below is a full list of updates:

New Features & Vulnerability Tests

  • HTTP responses are now shown for detected vulnerabilities (only affects new scans)
  • Manual Intervention has been implemented in v12.
  • Added detection of Java Object Deserialization vulnerabilities
  • Added detection for Cisco ASA Path Traversal
  • Added tests for misconfigured nginx aliases that can lead to a path traversal
  • Added detection of Spring Security Authentication Bypass Vulnerability
  • Added detection of weak/insecure permissions for Atlassian Jira REST interface
  • Added detection of Apache Tomcat Information Disclosure
  • Added detection of Spring Data REST Remote Code Execution
  • Added detection of Insecure Odoo Web Database Manager
  • Added detection of JBoss Remote Code Execution
  • Added detection of WebSphere Remote Code Execution
  • Updated WordPress Plugin vulnerability detection.

Updates

  • Password is no longer required when configuring client certificate for a Target
  • Additional memory optimization
  • Scanner will now report when the LSR cannot log in
  • Application Error Message vulnerability check updated to provide more details on the error
  • Reports, XML exports and WAF exports now use a more meaningful filename
  • Reports now show the status of a scan
  • Scan debug logs now include imported files
  • Increased maximum number of Issue Trackers that can be configured.

If you would like any specific web vulnerability scans please contact our Service Desk team.
