Acunetix version 12 (build 12.0.190515149 – Windows and Linux) has been released. This new build introduces network scanning in Acunetix on-premise and support for IPv6, improves usage of machine resources, and adds support for Selenium scripts and Burp v2 saved files as import files. It also adds a good number of new vulnerability checks for SAP, unauthorized access detection for Redis and Memcached, and source code disclosure checks for Ruby and Python. The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux.
New Features
- Network Scanning via OpenVAS integration
- Introduced support for IPv6 domains (IPv6 addresses not supported yet)
- Dynamic resource allocation for when multiple scanners are started on the same machine
- Improved resource usage for string comparison functions
- Selenium scripts can now be used as import files
New Vulnerability Checks
- NEW check for Memcached Unauthorized Access Vulnerability
- NEW check for Redis Unauthorized Access Vulnerability
- NEW check for SAP ICF /sap/public/info sensitive information disclosure
- NEW check for SAP NetWeaver server info information disclosure
- NEW check for SAP NetWeaver ConfigServlet remote command execution
- NEW check for SAP Portal directory traversal vulnerability
- NEW check for SAP NetWeaver ipcpricing server side request forgery
- NEW check for SAP Management Console list logfiles
- NEW check for SAP Management Console get user list
- NEW check for SAP Knowledge Management and Collaboration (KMC) incorrect permissions
- NEW check for SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability
- NEW check for SAP weak/predictable user credentials
- NEW check for OpenCms Solr XML External Entity (XXE) vulnerability
- NEW check for Confluence Widget Connector SSTI
- NEW check for Ruby source code disclosure
- NEW check for Python source code disclosure
- Added new WordPress Core and WordPress Plugins vulnerability checks
- Added new Drupal Core vulnerability checks
- Added new Joomla Core vulnerability checks
Updates
- Multiple improvements to the detection of Blind SQL Injection
- Improved the Error Messages vulnerability check
- Improved the Adobe Experience Manager tests
- Improved detection of Java Deserialization and Mongo alert deduplication
- Improved detection of Rails accept file content disclosure
- Updated alert details for Oracle WebLogic Remote Code Execution via T3 (CVE-2018-3245)
- Improved detection of Confluence
- Improved PHP AcuSensor when used on nginx
- Improved detection of PHP code injection
- Updated Directory Traversal Check to make fewer requests
- Multiple improvements to DeepScan and the LSR
- Implemented support for WebSockets in LSR and DeepScan
Fixes
- Fixed a few crashes
- Fixed issue causing Postcrawl scripts to not be executed on folders
- Fixed: Custom cookies could be used twice when the application sets the same cookies
- Cookie processing now ignores leading . in domain
- Fixed issue with LSR when used on Internet Explorer
- Fixed issue with HTTP Authentication
- Fixed false positive in Struts_RCE_S2-052_CVE-2017-9805
- Fixed the severity level for CSRF vulnerability check
- Fixed false negative in Mercurial repository found check
- Fixed issue causing site structure not to be updated with locations identified by vulnerability scripts
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.