Acunetix 360 On-Demand - v24.7.0

This update includes changes to the internal agents. The internal scan agent’s current version is 24.7.0. The internal authentication verifier agent’s current version is 24.7.0.

New Features

  • Added custom headers for communication between Agents and AcuMonitor
  • Added a warning message when creating scan targets for websites that do not have a hostname mapped to an IP address

New Security Checks

  • Added detection for supply chain attacks through Polyfill JS
  • Added detection for GeoServer SQLi (CVE-2023-25157)
  • Added checks for various WordPress plugins

Improvements

  • Improved Credit Card Disclosure Security Check
  • Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
  • Improved various Sensitive Data Exposure security checks
  • Improved detection of the Short SSL Key Length vulnerability
  • Added capability to check for Sensitive Data in XML responses

Fixes

  • Fixed missing Request Body content in vulnerability details
  • Fixed an issue with the selection of agent groups
  • Fixed an issue with the order in which internal agent scans are initiated
  • Fixed an issue with the 'Ignore Certificate Errors' Agent setting for SSL Validation
  • Fixed a download problem with PCI reports
  • Fixed an issue with the SSO login that was causing incorrect redirects
  • Removed references to 3.2 in the PCI DSS Compliance scan summary
  • Fixed an issue with the Azure Boards integration reopening old vulnerabilities that do not link to active issues in Invicti Enterprise
  • Fixed a timeout issue that was occurring on a prerequest script
  • Fixed a problem in the JWT Engine to resolve a false positive issue
  • Updated vulnerable OpenSSL libraries to secure versions
  • Fixed a bug in the Checkout Logout Detection so that it now chooses the same verification agent as the verification process
  • Fixed an issue related to the OTA app scan
  • Fixed HTTP 413 responses resulting from nonce cookies stacking