Acunetix introduces support for Brotli encoding, IAST support for new Node.js frameworks, and many new vulnerability checks

A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.5.211008143.

This Acunetix release introduces support for the Brotli encoding and URL optional fields. The Node.js IAST AcuSensor has been updated to support numerous frameworks and the JAVA IAST AcuSensor can now be used on Tomcat 10.0.x. This latest update includes new vulnerability checks for Jira, Apache HTTP Server, Oracle BI, as well as numerous improvements, updates, and product fixes.

New features

• Added support for URL optional fields
• Added support for Brotli encoding
• JAVA AcuSensor can now be used on Tomcat 10.0.x
• Added support for the Restify framework in the Node.js sensor
• Added support for the LoopBack framework in the Node.js sensor
• Added support for the Sequelize ORM in the Node.js sensor
• Added support for the router package in the Node.js sensor
• Added support for the Director router in the Node.js sensor

New vulnerability checks

• New check for Apache HTTP Server source code disclosure
• New check for ManageEngine ADSelfService Plus authentication bypass (CVE-2021-40539)
• New check for Oracle Business Intelligence ReportTemplateService XXE (CVE-2021-2400)
• New check for Jira unauthorized user enumeration (CVE-2020-14181)
• New check for Jira unauthorized user enumeration via UserPickerBrowser
• New check for Jira projects accessible anonymously
• New check for Payara Micro file read (CVE-2021-41381)

Updates

• Export to AWS WAF is now available on all pages that allow WAF export
• Updated the pre-request scripts, making it easier to update the session header value
• Updated the detection of WAFs to support new WAFs
• Improved the detection of development files
• Improved the JavaScript library audit checks

Fixes

• Fixed an issue in the Paros import
• Fixed an issue with the scanner causing false negatives when processing specific pages
• Fixed an issue in the AWS WAF export
• Fixed an issue with the PHP sensor not being detected when used on a large site with many files
• Fixed an issue causing pre-request scripts not to be loaded by the scanner
• Fixed 3 issues in Postman imports
• Fixed a false negative in Django debug mode vulnerability check
• Fixed an issue causing high response times in the UI caused by a large number of targets configured
• Fixed a false positive in the User credentials are sent in clear text check

Upgrade to the latest build

If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.