New Capabilities in WAS Engine 4.2

Document created by Dave Ferguson Employee on Jun 7, 2017
Version 1Show Document
  • View in full screen mode

A new version of the Qualys WAS engine has been released, version 4.2.  Among the improvements are new vulnerability detection capabilities.  The following Qualys identifiers (QIDs) have been introduced to report on the new detections.

 

QID 150156 – This is a new vulnerability test now available in the scanner.  This QID will be reported when the web application is vulnerable to HTTP proxy injection.  This is known as the httpoxy vulnerability, and the severity rating is "3" (Medium).

 

QID 150167 – This is an informational finding that is reported when a WAS scan detects WebSocket links in the target application.  These types of links begin with "ws://" or "wss://" and signal that the application may be using the WebSocket protocol in some fashion.  WebSocket is quite different than standard HTTP in that the client and web server establish a persistent connection over which binary data is transmitted.  WAS does not perform testing against WebSocket at this time.

 

QID 150169 – This is an informational finding that is reported when WAS detects that data URIs are used by the application.  Data URIs are a way of embedding images or other content within a web page directly instead of referencing an external file.  Data URIs by themselves do not constitute a vulnerability, but have been leveraged in some cases to exploit other vulnerabilities that may exist such as cross-site scripting.

 

QID 150170 – This is an informational finding that reports any logout links that were identified during an authenticated scan.  The scanner will avoid making requests to these links to prevent the authenticated session from being terminated.  If WAS does not properly detect logout links, a regular expression can be configured under Crawl Exclusions to override the built-in logout link detection algorithm.

 

QID 150171 – This is a new vulnerability test now available in the scanner for CVE-2010-0219.  This QID will be reported when it is determined that Apache Axis2 is running on the server and allows administrative access with default credentials.  The severity rating is "4" (High).

 

QID 150172 – This is an informational finding that reports the HTTP requests that were crawled during the scan.  This QID supplements the information provided under QID 150009 (Links Crawled).

 

QID 150174 – This is a new vulnerability test now available in the scanner related to directory/path traversal.  While some path traversal tests are still done under QID 150011 (Local File Inclusion), testing for generalized path traversal vulnerabilities has been greatly enhanced and detections will be reported under this new QID.  The severity rating is "4" (High).

1 person found this helpful

Attachments

    Outcomes