WAS Engine 6.7 Released

Document created by Dave Ferguson Employee on May 14, 2019Last modified by Dave Ferguson Employee on May 21, 2019
Version 3Show Document
  • View in full screen mode



WAS Engine 6.7 has been released to all Qualys platforms including private cloud platforms.  This release is part of our ongoing effort to continuously improve the WAS scanning engine.  This update includes the following changes.


  • Vulnerable JavaScript libraries are now reported as separate instances of QID 150162.
  • Fixed a false positive for QID 150004 for the case where a 302 response redirects to a non-existent page.
  • Modified the internal browser engine for better crawling of certain single page applications (SPAs).
  • Made changes to address false positives for missing security header QIDs.
  • Added a detection for CVE-2019-9978, for vulnerabilities in the Social Warfare WordPress plugin.  The QID is 150241.
  • The number of path fuzzing rules extracted from the Swagger file is now reported in QID 150195.
  • Added a detection for CVE-2014-0114, a remote code execution vulnerability in Apache Struts v1.x.  The QID is 150236.
  • Fixed a false positive for QID 150081 (missing X-Frame-Options).


If you encounter any problems in your WAS scans, please open a support ticket by selecting Help--Contact Support while logged into the platform.  Feel free to post a question here on the Qualys Community site as well.


- Dave