Acunetix update introduces support for macOS Big Sur, support for ShadowRoot, improved CSRF token handling, and new vulnerability checks

A new Acunetix update has been released for Windows, Linux and macOS: 13.0.201217092.

This Acunetix update introduces support for macOS Big Sur, ShadowRoot, and includes a substantial improvement in the handling of CSRF tokens. It also introduces the detection of web cache poisoning DoS, client-side prototype pollution, vulnerabilities in Zabbix, TYPO3, Oracle WebLogic, SAP IGS, Odoo, and Apache Unomi MVEL. In addition, there are numerous updates and fixes, all of which are available for all editions of Acunetix.

New Features

• Big improvement of CSRF token handling
• Added support for ShadowRoot
• Added support for macOS Big Sur

New Vulnerability Checks

• New test for Zabbix authentication bypass / guest user
• New test for TYPO3 admin publicly accessible
• New test for TYPO3 debug mode enabled
• New test for Oracle WebLogic remote code execution via IIOP
• New test for web cache poisoning DoS
• New test for client-side prototype pollution
• Improved web cache poisoning test
• New test for SAP IGS XXE (CVE-2018-2392, CVE-2018-2393)
• New test for Odoo LFI (CVE-2019-14322)
• New test for Unrestricted access to Odoo DB manager
• New test for Apache Unomi MVEL RCE (CVE-2020-13942)

Updates

• Updated the UI for the multi-engine system
• Multiple updates to the PHP AcuSensor
• Multiple updates to the Login Sequence Recorder
• Scanning engine updated to support the use of a proxy server with NTLM authentication

Fixes

• Fixed an issue that caused the browser to fail to launch on Kali
• Fixed an issue that caused the AcuSensor not found message to not be displayed
• Fixed a false positive in the following test: Zend Framework LFI via XXE
• Fixed a false positive in the following test: directory traversal
• Fixed a false positive in the following test: cookie(s) with missing, inconsistent, or contradictory properties
• Fixed a false positive in the following test: Apache Struts2 remote command execution (S2-052)
• Fixed an issue with highlighting of a vulnerability in a response
• Fixed an issue in the following test: Slow Loris
• Fixed an issue in the WADL importer
• Fixed a crash in the scanner
• Fixed minor issues in the Comprehensive Report
• Fixed an issue causing Acunetix to lose license information

Upgrade to the Latest Build

If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.