New build adds detection of vulnerabilities in WordPress, Django, multiple Spring Framework and Atlassian products

Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates.

New Features and Vulnerability tests

• Spring Data Commons RCE via Spring Expression Language (SpEL) injection (CVE-2018-1273)
• Atlassian OAuth Plugin IconUriServlet SSRF, affecting multiple Atlassian products (CVE-2017-9506)
• WordPress REST API User Enumeration
• Django Debug Mode via DisallowedHost
• Tests for PHP-FPM (FastCGI Process Manager) Status Page
• Check for common test CGI scripts that are leaking environment variables
• Check Spring Boot Actuator information disclosure
• Check for RCE via Spring Boot WhiteLabel Error Page Spring Expression Language (SpEL)
• Atlassian Jira ManageFilters Information Disclosure

Fixes

• Crash dump was sometimes not being created

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.