WAS Engine 6.7 has been released to all Qualys platforms, including private cloud platforms. This release is part of our ongoing effort to continuously improve the WAS scanning engine. This update includes the following changes:
- Fixed a false positive for QID 150004 for the case where a 302 response redirects to a non-existent page.
- Modified the internal browser engine for better crawling of certain single-page applications (SPAs).
- Made changes to address false positives for missing security header QIDs.
- Added a detection for CVE-2019-9978, which covers vulnerabilities in the Social Warfare WordPress plugin. The QID is 150241.
- The number of path fuzzing rules extracted from the Swagger file is now reported in QID 150195.
- Added a detection for CVE-2014-0114, a remote code execution vulnerability in Apache Struts v1.x. The QID is 150236.
- Fixed a false positive for QID 150081 (missing X-Frame-Options).