New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security

Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod_jk, Coldfusion, ACME mini_httpd, Spring Security. The new build also includes a number of updates and important fixes.

The new vulnerability checks, updates and fixes are available for both Windows and Linux.

New Vulnerability checks

• New test for Apache Solr XXE (CVE-2017-12629)
• New test for RCE in Spring Security OAuth (CVE-2016-4977)
• New test for Apache mod_jk access control bypass (CVE-2018-11759)
• New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)
• New test for ACME mini_httpd (web server) arbitrary file read (CVE-2018-18778)
• New test for OSGi Management Console Default Credentials
• New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641)
• New test for common misconfigurations in ColdFusion
• New test for AMF Deserialization RCE in ColdFusion (CVE-2017-3066)
• New test for JNDI injection in ColdFusion (CVE-2018-15957)
• New test for unauthenticated File uploading in ColdFusion (CVE-2018-15961)
• New WordPress / WordPress plugin vulnerability checks

Updates

• Improved the injection of payloads and other improvements in the handling of JSON data
• Updated Chromium to fix Chromium vulnerability
• Improved web application detection

Fixes

• Corrected LSR launch message for Linux installations
• Fixed Update License issue on Internet Explorer
• Fixed several memory leaks/scanner closing unexpectedly
• Fixed issue affecting the processing of some content types
• Some cookies were being added multiple times during the scan
• Some redirects were not being correctly handled
• Some requests generated by the scanner incorrectly contained two backslashes (‘//’)
• Fixed issue in the Backup Folders checks going out of scope
• Several minor fixes

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.