A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.9.220713150
This Acunetix release introduces IAST support for WebSphere, enabling the use of the Java IAST sensor (AcuSensor) with this Java server. In addition, Acunetix DeepScan has been updated to better scan single-page applications (SPAs), allowing for better identification of the APIs used by the web application. The Acunetix UI received additional updates, including the ability to copy the HTTP request used to identify a vulnerability as a cURL command. This Acunetix update also includes a number of new vulnerability checks, updates, improvements, and product fixes.
New features
- Java IAST AcuSensor can now be used on WebSphere
- HTTP requests can be copied as cURL commands from the vulnerability data
New vulnerability checks
- New check for the DotCMS unrestricted file upload (CVE-2022-26352)
- New check for the .NET JSON.NET deserialization RCE
- New check for the unauthenticated RCE in Confluence Server and Data Center (CVE-2022-26134)
- New check for the authentication bypass via MongoDB operator injection
- New check for the MongoDB $where operator JavaScript injection
Updates
- Multiple DeepScan updates that improve crawling of single-page applications (SPAs)
- Upgraded Chromium to v103.0.5060.114
- Improved handling of installed.json by the PHP IAST AcuSensor
- SCA, AcuMonitor (OOB vulnerability checks), and URL malware checks now require Acunetix Online Services to be enabled in the user profile
- Updated the MongoDB injection checks
- Various UI updates and fixes
Fixes
- Multiple fixes in the Java and .NET IAST AcuSensors
- Fixed a false negative in the "Possible virtual host found" check
- Fixed a bug causing CSRF tokens to be retrieved using HTTP
- Fixed a false positive in the Apache HTTP server source code disclosure check
Upgrade to the latest build
If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.
If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.