Improvements in detection of SQL Injections, XSS, and RCE
An important focus of the team in June is improving the detection of XSS, RCE, and time-based SQL injections. Detection of automated scanning tools has also improved: Wallarm can now detect scans conducted by the Qualys tool.
Furthermore, the following scanner extensions have been implemented:
- Detection of the Golang profiler
- Detection of PrimeFaces RCE (CVE-2017-1000486)
- Detection of the Apache Tomcat AJP vulnerability (CVE-2020-1938)
- Detection of insecure NoSQL Tarantool exposed with no authentication
- Detection of Apache ZooKeeper available without authentication (CVE-2018-8012)
These improvements are available to all Wallarm customers. No additional update steps are required.