A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.8.220519149.
This Acunetix release introduces support for JBoss, Jetty and WildFly, allowing the Java IAST sensor (AcuSensor) to be used with these Java servers. In addition, the Java IAST sensor has been updated to fully support Servlet 3 and Jersey, improving the coverage for scans performed on web applications that use these Java frameworks. This Acunetix update also includes a number of new vulnerability checks, updates, improvements, and product fixes.
New features
- The Java IAST sensor now supports JBoss, Jetty and WildFly Java servers
- Improved support for Servlet 3 and Jersey Java frameworks
New vulnerability checks
- New IAST checks for expression language injection
- New IAST checks for Hibernate query injection
- New test for Apache OFBiz Log4Shell RCE (CVE-2021-44228)
- New WordPress plugin checks
- New/updated JavaScript audit checks
Updates
- Various UI improvements
- Improved detection of directory traversal vulnerabilities
- Improved detection of directory listing vulnerabilities
- Improved detection of development files
- Several improvements to LSR/DeepScan
Fixes
- Fixed an issue causing some vulnerabilities detected by AcuSensor not to show as AcuSensor verified
- Fixed an issue causing routes to not be listed by the Java IAST sensor
- Fixed 2 issues in target CSV import
- Fixed an issue causing SCA not to be done on Java Spring Boot web applications
- Fixed an issue causing some checks not to be executed on cookies with the Secure flag
Upgrade to the latest build
If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.
If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.