
Releases: ilmila/J2EEScan

Release 2.0.0

17 Jun 05:46

Bump version with minor fixes

Release 2.0.0beta

09 Jan 13:28

Major release update:

  • Includes more than 70 unique security checks for J2EE environments
  • New engine with fuzzy logic to bypass weak ACL/WAF rules
  • Multiple bug fixes for false positives (FP) and false negatives (FN)
  • Improved scan performance

Release 1.2.5

29 May 08:30
  • Added check for UTF8 Response Splitting
  • Added check for JBoss Undertow Directory Traversal (CVE-2014-7816)
  • Added check for NodeJS HTTP Redirect (CVE-2015-1164)
  • Added check for NodeJS HTTP Response Splitting (CVE-2016-2216)
  • Added check for JK Management Endpoints
  • Added check for Pivotal Spring Traversal (CVE-2014-3625)
  • Added check for JBoss jBPM Admin Consoles
  • Added check for Apache Struts 2 S2-032 (CVE-2016-3081)
  • Improved LFI payloads
  • Improved EL Injection tests
  • Improved WS Axis security checks

Release 1.2.4

22 Nov 18:49
  • Added detection for JBoss jBPM Admin Console
  • Added check for Spring Boot Actuator console
  • Improved LFI module with new UTF-8 payloads
  • Improved EL Injection with new payloads
  • Added check for Apache Roller OGNL Injection (CVE-2013-4212)
  • Added check for Apache Struts 2 S2-023 - thanks to @h3xstream
  • Added check for Weblogic Admin Console Weak Password
  • Added check for Oracle Application Server multiple file disclosure issues
  • Added check for Oracle Log Database Accessible
  • Added check for AJP service identification
  • Added check for Weblogic UDDI Explorer SSRF (CVE-2014-4210)
  • Improved performance for passive checks
  • Improved Apache Wicket Information Disclosure
  • Improved J2EE incorrect exception handling
  • Added check for End Of Life Software - Jetty
  • Added check for End Of Life Software - Tomcat
  • Added check for End Of Life Software - Oracle Application Server
  • Added check for Oracle Application Server version
  • Added check for Oracle Glassfish version
  • Added check for Oracle Weblogic version
  • Added check for Apache Struts OGNL Console
  • Added check for Happy Axis