WAS Engine 7.4 Released

Document created by Dave Ferguson Employee on Dec 24, 2019Last modified by Dave Ferguson Employee on Dec 27, 2019
Version 3Show Document
  • View in full screen mode

Greetings!  To wrap up 2019, we have released WAS Engine 7.4 to all Qualys platforms including private cloud platforms.  This is part of our ongoing effort to continuously improve the WAS scanning engine.

 

This update includes the following changes.

 

  • Added a new informational QID to report the presence of Magento CMS (QID 150244).
  • Added a new detection (QID 150272) for PHP 7 vulnerabilities CVE-2019-11041 and CVE-2019-11042
  • Improved accuracy of CMS version detection by checking for meta tags in the HTML code.
  • Fixed a false positive for QID 150162 (Use of JavaScript Library with Known Vulnerability) when redirection to an out-of-scope URL occurs via meta refresh tag.
  • Fixed a potential false positive for QID 150081 (Missing X-Frame-Options).
  • Removed some extraneous messages in scan diagnostics.

 

As always, if you encounter any problems in your WAS scans, please open a support ticket by selecting Help--Contact Support while logged into the platform.  Feel free to post a question here on the Qualys Community site as well.

 

- Dave

Attachments

    Outcomes