Web Application Detections—April 2024

In April, the Qualys Web Application Scanning (WAS) team issued a critical security signatures update. This update expands the scope to detect vulnerabilities in several widely-used software applications, including GeoServer, Grafana, WordPress, Apache HTTP Server, Varnish, JetBrains TeamCity, pgAdmin, Traefik, PHP, Oracle WebLogic Server, Cacti, and CrushFTP VFS. Additionally, WAS has introduced new QIDs for identifying Expression Language Injection, Profanity, and Java-based applications.

The following table lists the new QIDs

QID Title
150797 Expression Language Injection
150851 GeoServer – WMS OpenLayers Format Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-23818)
150852 GeoServer – GWC Seed Form Stored Cross-Site Scripting (XSS) Vulnerability (CVE-2024-23643)
150853 GeoServer Multiple Stored Cross-Site Scripting (XSS) Vulnerabilities (CVE-2023-51445, CVE-2024-23640)
150854 GeoServer Arbitrary File Upload Vulnerability (CVE-2023-51444)
150855 GeoServer Log File Path Traversal Vulnerability (CVE-2023-41877)
150856 GeoServer Arbitrary File Renaming Vulnerability (CVE-2024-23634)
150857 Grafana Authorization Bypass Vulnerability (CVE-2024-1313)
150859 WordPress ElementsKit Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-2803)
150860 WordPress WP-Members Membership Plugin: Unauthenticated Stored Cross-Site Scripting Vulnerability (CVE-2024-1852)
150862 WordPress Compress – Image Optimizer Plugin: Directory Traversal Vulnerability (CVE-2023-6699)
150863 Apache HTTP Server Prior to 2.4.59 Multiple Security Vulnerabilities
150864 WordPress Malware Scanner and Web Application Firewall Plugins: Unauthenticated Privilege Escalation Vulnerability (CVE-2024-2172)
150865 Profanity Detected in Website Content
150867 Varnish Reverse Proxy Detected
150868 WordPress LayerSlider Plugin: Unauthenticated SQL Injection Vulnerability (CVE-2024-2879)
150869 JetBrains TeamCity Security Vulnerability (CVE-2024-29880)
150870  pgAdmin Remote Code Execution (RCE) Vulnerability (CVE-2024-3116)
150871 WordPress Metform Elementor Contact Form Builder Plugin: Stored Cross-Site Scripting Vulnerability (CVE-2024-2791)
150872 WordPress MasterStudy LMS Plugin: Unauthenticated Local File Inclusion Vulnerability (CVE-2024-3136)
150873 Traefik Reverse Proxy Dashboard Detected
150874 PHP Command Injection Vulnerability (CVE-2024-1874)
150875 JetBrains TeamCity Multiple Security Vulnerabilities
150876 PHP Cookie Input Validation Vulnerability (CVE-2024-2756)
150878 Oracle WebLogic Server Multiple Vulnerabilities (CPUAPR2024)
150883 Cacti 1.2.25 Multiple Security Vulnerabilities
150884 CrushFTP VFS Sandbox Escape Vulnerability (CVE-2024-4040)
150891 Java Application Detected
150892 JavaServer Pages Detected
150893 JavaServer Faces Detected
150894 Java Servlet Detected
150895 Javadoc Detected
150896 Java Stack Trace Disclosure
150897 Spring Boot Default Error Page Detected
150898 Java Binary Detected
150899 ZK Framework Detected
154154 WordPress Core: Remote Code Execution via Plugin Upload (CVE-2024-31210)
154155 WordPress Remote Code Execution Vulnerability (CVE-2024-31211)
520015 Atlassian Bitbucket Denial of Service Vulnerability (CVE-2024-21634)

For details, refer to Web Application Detections Published in April 2024