Improvements in the detection of Path Traversal attacks
In July and August, our detection team redesigned the detection of Path Traversal attacks. Hackers can use the following approaches for such attacks:
- Universal Naming Convention (UNC) paths
- File URI scheme
We have updated and extended the mechanism for handling such attacks to make them more difficult for attackers to carry out.
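The following added example (not Wallarm's detection logic) shows one way to flag the two approaches listed above in request parameter values after bounded percent-decoding. It goes slightly beyond the list by also flagging classic `../` sequences; the function names, the decode bound and the sample values are assumptions constructed for the illustration.

```python
import re
from urllib.parse import unquote

MAX_DECODE_ROUNDS = 3  # assumption: bound on nested percent-encoding we unwrap

# \\host\share or //host/share at the start of the value. The // form also
# matches protocol-relative URLs, so apply it only to file-name parameters.
UNC_RE = re.compile(r'^(?:\\\\|//)[^\\/\s]+[\\/]+[^\\/\s]')
# file:/..., file://host/..., file:\... in any letter case.
FILE_URI_RE = re.compile(r'^file:[\\/]', re.IGNORECASE)
# ".." as a whole path segment, with either separator style.
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def normalize(value):
    """Percent-decode until stable (bounded) so nested encodings are unwrapped."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.strip()


def classify(value):
    """Return the set of path traversal indicators found in one value."""
    v = normalize(value)
    hits = set()
    if FILE_URI_RE.match(v):
        hits.add("file-uri")
    if UNC_RE.match(v):
        hits.add("unc-path")
    if DOTDOT_RE.search(v):
        hits.add("dot-dot")
    return hits


def scan(params):
    """Map each parameter name to its sorted indicators; clean values are omitted."""
    found = {name: sorted(classify(v)) for name, v in params.items()}
    return {name: hits for name, hits in found.items() if hits}


if __name__ == "__main__":
    # Constructed sample request parameters (not real traffic).
    sample = {"doc": "reports/2020/august.pdf",
              "tpl": "%5c%5cfileserver%5cshare%5cx",
              "src": "FILE:%2f%2f%2fetc%2fhostname"}
    print(scan(sample))
```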
We have also added new Scanner extensions to scan for the following vulnerabilities:
- Detection of debug panels: laravel-debugbar, telescope, php-debugbar
- Zend framework configuration information disclosure detection
- LFI & RCE in Citrix ADC / Netscaler (CVE-2019-19781)
- 0-day RCE in vBulletin (CVE-2020-17496)
- F5 BIG-IP RCE (CVE-2020-5902)
The changes are already available for all Wallarm clients. No additional update steps are required.