New build checks for vulnerabilities in Apache Struts 2, Altassian Confluence, and introduces Multi-Engine feature

Acunetix v11 (build 11.0.172351036) has been released. This new build includes new vulnerability checks in Apache Struts 2, Atlassian Confluence and moment.js. It improves on the database backup file detection, jquery version fingerprint and introduces the new Multi-engine feature.

New Features and Vulnerability Tests

• Detection of Apache Struts 2 Showcase RCE (CVE-2017-9791)
• Check for .hgignore (Mercurial SCM configuration file)
• Check for Atlassian Confluence Stored XSS (CVE-2016-6283)
• Check for private key files with names based on ScanHost, e.g. “www.example.org.key”, “example.org.key”
• Check for moment.js Denial of Service (CVE-2016-4055)
• Various updates to the WordPress and Joomla checks
• Introduction of Multi-Engine functionality for Enterprise customers

Improvements

• Updated the Database backup file checks
• Improved Jquery version fingerprinting
• Updated detection of HttpOnly and Secure cookie flags
• Updated default Target list sorting

Fixes

• Fixed XSS detection issue
• Minor fix to the allow_url_fopen enabled check
• Fixed F5 BIP-AP ASM WAF XML export
• Fixed issue causing Acunetix not to be able to install on Chinese OS

Upgrade to the latest build

If you are already using Acunetix v11, you can initiate the automatic upgrade from the new build notification in the Acunetix UI .
If you have not yet installed or upgraded to Acunetix v11, you may download Acunetix version 11 from here. Use your current Acunetix License Key to download and activate the product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.