Note — This post applies to an older version of Acunetix
An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes.
New security checks:
- 8.3 DOS filename source code disclosure
- Apache Tomcat Directory Host Appbase authentication bypass vulnerability
- Apache Tomcat WAR File directory traversal vulnerability
- Apache stronghold-info enabled
- Apache stronghold-status enabled
- ColdFusion 9 Solr Service exposed
- Error page path disclosure
- Error page web server version disclosure
- File inclusion RFI list
- Checks for multiple vulnerabilities in XAMPP
- Server-Side Includes (SSI) injection on Unix
- Server-Side Includes (SSI) injection on Windows
- ASP.NET error messages when requesting URL like |.aspx
Improvements:
- Added more variants to FCKeditor arbitrary file upload
- Updated cross site scripting in path security checks
- Updated directory listing security checks
- Updated directory traversal on Unix security checks
- Updated file upload security checks
- Updated LDAP injection security checks
- Updated possible sensitive files security checks
- Updated XPath injection security checks
Bug Fixes:
- Workaround for window.open used with NULL parameter
- Notify elements that they are unbidden
- Notify form if an input was removed
- Include select element values in submitted data
- Fixed: HttpProt was sending content length with CONNECT
- Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
- Fixed: Login sequence recorder was sending requests synchronously
How to upgrade to build 20100203:
On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download. To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.
Click here for the complete Acunetix WVS change log.
Get the latest content on web security
in your inbox each week.