Apache and Express Path Traversal plus Nginx Restriction Bypass Tests with SmartScanner
By SmartScanner
Today, we’re excited to announce that SmartScanner 1.10 is available for download. This release adds 15 new CVEs and tests that improve vulnerability assessment quality and bring new security testing capabilities to our customers. You can find all changes in the changelog, but here are the top highlights from the release:
- All issues mapped to OWASP Top 10 2021
- Insecure Deserialization tests for JSON objects. Other objects like PHP serialized objects will be added in future versions.
- Apache 2.4.49 Path Traversal and RCE (CVE-2021-41773, CVE-2021-42013)
- Nginx Restriction Bypass via Space Character in URI (CVE-2013-4547)
- Web Server Path Traversal (CVE-2017-14849) for Express and other static file routers
- Cookie Accessible for Subdomains in passive tests
- Vulnerability assessment for outdated OpenSSL, Apache, PHP, and WordPress