Web Application Detections—April 2024
In April, the Qualys Web Application Scanning (WAS) team issued a critical security signatures update. This update expands the scope to detect vulnerabilities in several widely-used software applications, including GeoServer, Grafana, WordPress, Apache HTTP Server, Varnish, JetBrains TeamCity, pgAdmin, Traefik, PHP, Oracle WebLogic Server, Cacti, and CrushFTP VFS. Additionally, WAS has introduced new QIDs for identifying Expression Language Injection, Profanity, and Java-based applications.
The following table lists the new QIDs
| QID | Title |
|---|---|
| 150797 | Expression Language Injection |
| 150851 | GeoServer – WMS OpenLayers Format Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-23818) |
| 150852 | GeoServer – GWC Seed Form Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-23643) |
| 150853 | GeoServer Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2023-51445, CVE-2024-23640) |
| 150854 | GeoServer Arbitrary File Upload Vulnerability (CVE-2023-51444) |
| 150855 | GeoServer Log File Path Traversal Vulnerability (CVE-2023-41877) |
| 150856 | GeoServer Arbitrary File Renaming Vulnerability (CVE-2024-23634) |
| 150857 | Grafana Authorization Bypass Vulnerability (CVE-2024-1313) |
| 150859 | WordPress ElementsKit Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-2803) |
| 150860 | WordPress WP-Members Membership Plugin: Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2024-1852) |
| 150862 | WordPress Compress – Image Optimizer Plugin: Directory Traversal Vulnerability (CVE-2023-6699) |
| 150863 | Apache HTTP Server Prior to 2.4.59 Multiple Security Vulnerabilities |
| 150864 | WordPress Malware Scanner and Web Application Firewall Plugins: Unauthenticated Privilege Escalation Vulnerability (CVE-2024-2172) |
| 150865 | Profanity Detected in Website Content |
| 150867 | Varnish Reverse Proxy Detected |
| 150868 | WordPress LayerSlider Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-2879) |
| 150869 | JetBrains TeamCity Security Vulnerability (CVE-2024-29880) |
| 150870 | pgAdmin Remote Code Execution (RCE) Vulnerability (CVE-2024-3116) |
| 150871 | WordPress Metform Elementor Contact Form Builder Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-2791) |
| 150872 | WordPress MasterStudy LMS Plugin: Unauthenticated Local File Inclusion Vulnerability (CVE-2024-3136) |
| 150873 | Traefik Reverse Proxy Dashboard Detected |
| 150874 | PHP Command Injection Vulnerability (CVE-2024-1874) |
| 150875 | JetBrains TeamCity Multiple Security Vulnerabilities |
| 150876 | PHP Cookie Input Validation Vulnerability (CVE-2024-2756) |
| 150878 | Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2024) |
| 150883 | Cacti 1.2.25 Multiple Security Vulnerabilities |
| 150884 | CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040) |
| 150891 | Java Application Detected |
| 150892 | JavaServer Pages Detected |
| 150893 | JavaServer Faces Detected |
| 150894 | Java Servlet Detected |
| 150895 | Javadoc Detected |
| 150896 | Java Stack Trace Disclosure |
| 150897 | Spring Boot Default Error Page Detected |
| 150898 | Java Binary Detected |
| 150899 | ZK Framework Detected |
| 154154 | WordPress Core: Remote Code Execution via Plugin Upload (CVE-2024-31210) |
| 154155 | WordPress Remote Code Execution Vulnerability (CVE-2024-31211) |
| 520015 | Atlassian Bitbucket Denial of Service Vulnerability (CVE-2024-21634) |
Qualys Notification Link Web Application Detections Published in April 2024.