Release 10.1

July 15, 2024

What's New?

New QIDs in the Release

The following new QIDs are introduced in the release:

| Vuln ID | Category | Title | Description |
|---|---|---|---|
| 150814 | Information Gathered | Pixel or Web Beacon Tracking Technology Found | A tracking pixel is also known as a web beacon. When pixel technology is used, information can be leaked without the user's consent. Under the GDPR, tracking pixels can only be used if the user gives consent. Tracking pixels retrieve analytic details. Tracking or marketing pixels allow cross-platform marketing, tracking website visitors from one website or social network to another and presenting targeted advertisements on different platforms, devices, or websites. |
| 150319 | Information Gathered | Weak Cookies in Use | Cookies are used to track HTTP sessions. Both session and non-session cookies can be persistent cookies; in those cases it is important to verify the complexity of the cookie values. Detection: The WAS scan evaluates cookie length and analyzes common cookie parameters, including but not limited to PHPSESSID, ASP.NET_SessionId, JSESSIONID, and sessionID. |
| 150844 | Practice Vulnerability | Cross Site Tracing Found | Cross-Site Tracing (XST) involves using XSS and the TRACE or TRACK HTTP methods. TRACE allows the client to see what is being received at the other end of the request chain and use that data for testing or diagnostic information. Detection: The WAS scan sends a request and expects the response header Q-XST-Check-One: Q12345XST97531; if this header is present, the vulnerability is reported. |
| 150811 | Practice Vulnerability | Source Code Disclosure | Source code was detected when scanning the application. The detection uses a passive check to identify source code in the web application's response content. |
| 150798 | Vulnerability | HTTP Method Tampering | HTTP Method Tampering tests the web application's response when system objects are accessed with non-HTTP verbs. For every system object discovered during the scan, a test is done to access it with non-HTTP verbs. The scan tests the TRACE and HEAD methods. |
| 150806 | Information Gathered | Local Storage or Session Storage Found | Local storage typically stores data on the user's or client's system. Detection: WAS identifies both local and session storage use by client-side JavaScript. |
| 150823 | | HTTP TRACE Method Detected | HTTP defines methods (sometimes referred to as verbs) to indicate the desired action to be performed on the identified resource. TRACE and TRACK methods are defined by Apache and allow a user to echo the content of a request. Diagnosis: The scan makes a request with the TRACE method and looks for a 200 response. |
| 150790 | Vulnerability | LDAP Error Detection | LDAP injection enables an attacker to modify the syntax of an LDAP query in order to retrieve, corrupt, or delete data from the LDAP database. This is accomplished by manipulating query criteria in a manner that affects the query's logic. The typical causes of this vulnerability are lack of input validation and insecure construction of the LDAP query. Queries created by concatenating strings with LDAP syntax and user-supplied data are prone to this vulnerability. If any part of the string concatenation can be modified, the meaning of the query can be changed. |
| 150833 | Practice Vulnerability | Login Bypass via LDAP Injection | LDAP injection enables an attacker to modify the syntax of an LDAP query in order to retrieve, corrupt, or delete data from the LDAP database. This is accomplished by manipulating query criteria in a manner that affects the query's logic. The typical causes of this vulnerability are lack of input validation and insecure construction of the LDAP query. Queries created by concatenating strings with LDAP syntax and user-supplied data are prone to this vulnerability. If any part of the string concatenation can be modified, the meaning of the query can be changed. The WAS scan checks whether a login succeeded with injected queries. |
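
The root cause named for QIDs 150790 and 150833 (LDAP queries built by string concatenation, without input validation) is shown below next to a hardened form. This is an added example, not Qualys code; the function names, the `uid` attribute, the allow-list pattern and the sample inputs are assumptions made for illustration.

```python
import re

# RFC 4515 escapes for characters that are special inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
# Assumed allow-list for login names; adapt it to the directory's naming policy.
_USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,64}")


def escape_filter_value(value):
    """Neutralise LDAP filter metacharacters in user-supplied data."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_filter_unsafe(username):
    # The pattern the descriptions warn about: user data concatenated as-is.
    return "(&(objectClass=person)(uid=" + username + "))"


def build_filter_escaped(username):
    # Same template, but the value can no longer add filter syntax.
    return "(&(objectClass=person)(uid=" + escape_filter_value(username) + "))"


def is_valid_username(username):
    """Input validation: reject anything outside the allow-list before querying."""
    return _USERNAME_RE.fullmatch(username) is not None


def filter_shape(ldap_filter):
    """(number of filter components, number of wildcards) the server would parse."""
    return ldap_filter.count("("), ldap_filter.count("*")


if __name__ == "__main__":
    # Constructed inputs: an ordinary login name and a value carrying filter syntax.
    for name in ("jdoe", "a)(cn=*"):
        print(repr(name), "valid:", is_valid_username(name))
        print("  unsafe :", build_filter_unsafe(name), filter_shape(build_filter_unsafe(name)))
        print("  escaped:", build_filter_escaped(name), filter_shape(build_filter_escaped(name)))
```

With escaping applied, the filter keeps the same three components for any input, which is the property to check for in code review.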
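
For verifying a server after TRACE has been disabled, the two checks described for QIDs 150823 and 150844 (a 200 response to TRACE, and the marker header coming back) can be applied to a captured response. This is an added example and a simplified reading of those descriptions, not the scanner's code; the sample responses are constructed, and looking for the marker in the echoed body as well as in the response headers is an assumption.

```python
# Marker header quoted in the QID 150844 description.
MARKER_NAME, MARKER_VALUE = "Q-XST-Check-One", "Q12345XST97531"


def _has_marker(lines):
    """True if any 'Name: value' line carries the marker header."""
    for line in lines:
        name, _, value = line.partition(":")
        if name.strip().lower() == MARKER_NAME.lower() and value.strip() == MARKER_VALUE:
            return True
    return False


def assess_trace_response(raw):
    """Return the QIDs a raw HTTP response to a TRACE probe would match."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, *header_lines = head.split("\r\n")
    status = int(status_line.split()[1])
    findings = []
    if status == 200:                      # 150823: TRACE answered with 200
        findings.append("150823")
    # 150844: marker present in the response headers; the body check is an
    # assumption covering servers that echo the request as message/http.
    if _has_marker(header_lines) or _has_marker(body.split("\r\n")):
        findings.append("150844")
    return findings


# Constructed sample responses (not captured from a real host).
ECHOED = ("HTTP/1.1 200 OK\r\nContent-Type: message/http\r\n\r\n"
          "TRACE / HTTP/1.1\r\nHost: app.example\r\n"
          "Q-XST-Check-One: Q12345XST97531\r\n")
REFLECTED = "HTTP/1.1 200 OK\r\nQ-XST-Check-One: Q12345XST97531\r\n\r\n"
NOT_ECHOED = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
BLOCKED = "HTTP/1.1 405 Method Not Allowed\r\nAllow: GET, POST\r\n\r\n"

if __name__ == "__main__":
    for label, raw in (("echoed", ECHOED), ("reflected", REFLECTED),
                       ("not echoed", NOT_ECHOED), ("blocked", BLOCKED)):
        print(label, assess_trace_response(raw))
```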

Updated QIDs

The following QIDs are updated in the release:

| Vuln ID | Category | Title | Description |
|---|---|---|---|
| 153009 | Information Gathered | JavaScript Identified on Payment Page | Regex improvements were made to identify payment card pages and the JavaScript used within these payment pages. WAS reports all external and inline JavaScript in QID 153009. |
| 150797 | Vulnerability | Expression Language Injection | New signatures were released for QID 150797, along with the capability to detect Expression Language Injection via out-of-band detection. |
| 150224 | Information Gathered | Diagnostic of CMS Fingerprinting | Some files are not accessible during CMS plugin fingerprinting; in those cases, WAS reports the highest version. Additional information is available in QID 150224. If plugin files are not accessible, a list of the top 15 inaccessible links is reported in the scan report. |

Enhancement to Allow Multiple FQDNs/IPs to Bypass Proxy Settings

With this release, we have added a browser option flag to enable web security. The flag can be enabled where authentication is failing, to ensure compatibility with Microsoft Single Sign-On (SSO).

This flag can be enabled at both the web application level and the subscription level. However, we recommend setting it at the web application level, and adding it to the subscription if all applications within the subscription require the same Single Sign-On (SSO) configuration.

The browser option flag is not enabled by default. To enable the flag, contact your Qualys representative.