Active scanner rules version 45

@zapbot zapbot released this 15 Mar 18:18
· 4792 commits to main since this release
f4435dd

Changed

  • Remote OS Command Injection rule now has more information in the Other Info field to differentiate between feedback-based and time-based tests.
  • Path Traversal scan rule: the regex for case 5 is now case-insensitive when searching for Error or Exception in the content body.
  • Maintenance changes.

Fixed

  • Server Side Code Injection scan rule: prevent use of zero when injecting ASP multiplication, to avoid false positives (Issue 7107).
  • External Redirect scan rule now detects redirects when dots are deny listed.
  • Cross Site Scripting (Reflected) scan rule will no longer raise an alert for unsuccessful JavaScript string injections (Issue 1641).