New Detections Rolling Out for Vulnerable CMSs and CMS Plugins

Document created by Dave Ferguson (Employee) on Jan 18, 2018. Last modified by Dave Ferguson (Employee) on Jul 17, 2018.
In a previous post, we described how Qualys WAS added new informational QIDs to report CMS versions and CMS plugins found on your scanned web applications.  Now, as part of the continuous improvement of the scanning engine, new tests have been implemented to report known-vulnerable versions of CMSs, CMS plugins, and other web platforms.

 

The new tests are based on the Blind Elephant project, which uses a fingerprinting technique.  Qualys WAS can identify and report outdated and vulnerable versions of the following:

 

  • WordPress
  • Joomla!
  • Drupal

 

The Qualys Vulnerability Management ("VM") module includes these tests already as part of its scanning capabilities.  The tests are essentially being duplicated in WAS.  Having the checks in both places allows more flexibility for customers who are using both modules while providing valuable new functionality for WAS customers who are not using VM.

 

Please note that WAS is using existing QIDs for these tests rather than introducing new ones. As of today (17-July-2018), WAS includes tests for the following QIDs:

 

  • WordPress: 11487, 11494, 11499, 11504, 11505, 11519, 11526, 11537, 11552, 11565, 11573, 11609, 11641, 11689, 11703, 11704, 11705, 11763, 11774, 11758, 11769, 11805, 11813, 11825, 11826, 11861, 11878, 12265, 12293, 12302, 12308, 12312, 12331, 12402, 12457, 12460, 12467, 12497, 12508, 12598, 12751, 12851, 12882, 12914, 13012, 13075, 13133, 13137, 105667
  • Joomla!: 11560, 11561, 11563, 11659, 11710, 11741, 11742, 11800, 11808, 11814, 11842, 11843, 11862, 11863, 12597, 12720, 12726, 12727, 12729, 12731, 12734, 12736, 12742, 12780, 12857, 12858, 12859, 12860, 12862, 12863, 12866, 12867, 12877, 12878, 12879, 12880, 105519, 105592
  • Drupal: 10773, 11511, 11540, 11580, 11582, 11616, 11634, 11649, 11665, 11666, 11733, 11776, 11794, 11836, 11852, 12400, 12601, 12633, 12786, 12789, 12791, 12794, 12796, 12797, 12799, 12800, 12801, 12820, 12932, 13013, 13054, 13062, 13073, 13074, 13119, 13124, 13125

 

The post will be updated as more of these types of vulnerability tests are implemented in WAS and released.
