Home
/
Documentation
/
3-Nov-2016
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
03 Nov 2016

3-Nov-2016

New Technical Check

  • Added "Cookie Header Contains Multiple Cookies" check

Improvements

  • Improved the Content Security Policy (CSP) and "Misconfigured Access-Control-Allow-Origin Header" vulnerability templates.
  • Improved CSP vulnerability detection by only reporting vulnerabilities on HTML resources.
  • Improved the coverage of the boolean SQL injection vulnerability engine.

Fixes

  • Fixed an issue which was preventing the deletion of multiple websites.
  • Fixed the External CSS, Script and Frame Knowledge Base items which were not considering the port during checks.
  • Fixed an issue in the Open Redirect detection where incorrect URLs may also be reported.
  • Fixed an issue related to the form authentication which prevents logout detection during attacking phase.
  • Fixed an Local File Inclusion (LFI) vulnerability detection issue when attacked with a FullUrl payload.
  • Fixed an incorrect retest result which occurs when the target website is not reachable.
  • Fixed a CSP vulnerability issue for deprecated CSP header name on meta tags.