New build highlights verified vulnerabilities, checks for Nagios XI RCE, Cisco ISE XSS, Rails File Content Disclosure

Acunetix version 12 (build 12.0.190325161 – Windows and Linux) has been released. This new build indicates which vulnerabilities are verified and includes vulnerability checks for RCE in Nagios XI, XSS in Cisco Identity Service Engine, Rails File Content Disclosure, Apache Solr Deserialization of untrusted data, Next.js arbitrary file read and an update to detect XSS in newer versions of Apache. The new build also includes a number of updates and fixes, all of which are available for both Windows and Linux.

New Features

• Verified vulnerabilities are now indicated by Acunetix

New Vulnerability Checks

• Test for Cisco Identity Service Engine XSS (CVE-2018-15440)
• Test for Arbitrary File Read in Next.js
• Test for Nagios XI Magpie_debug.php Unauthenticated RCE (CVE-2018-15708)
• Test for Horde Imp Unauthenticated Remote Command Execution
• Test for publicly available Apache balancer-manager application
• Test for Rails File Content Disclosure in Action View (CVE-2019-5418)
• Test for Apache Solr Deserialization of untrusted data via jmx.serviceUrl (CVE-2019-0192)
• Test for PHP opcache-status page
• Added a test for /jolokia
• Updated XSS checks to detect vulnerabilities on newer versions of Apache Tomcat

• Added new WordPress Core and WordPress Plugins vulnerability checks

Updates

• Updated Directory Traversal vulnerability check
• Improved detection of Blind SQL Injection
• On Linux, OOM Killer will now stop less important processes
• Improve handling of XHR requests in Deepscan
• Multiple improvements to the LSR and Session detection
• Scan Stats are now retained between Pause/Resume
• Improved the detection of paths from JSON and XML
• Improve techniques used to detect type of input in web form
• Multiple minor UI updates

Fixes

• Fixed multiple instances of scanner stopping unexpectedly
• Fixed false positive reported by WordPress plugin All in One SEO Pack privielege escalation check
• Fixed issue causing the same web application to be detected multiple times
• Some vulnerability alerts did not show the HTTP Response
• Fixed issue causing incorrect processing of default values in forms
• HTTP redirects were not being detected
• Fixed issue in File Upload XSS vulnerability check
• Fixed issue causing PerFolder scripts not to be executed on all folders
• Fixed issue causing HAR file importing to fail
• Fixed issue causing LSR to fail to load Target with uppercase address
• Fixed issue causing SharePoint Reflected Cross-Site Scripting (CVE-2017-8514) not to be reported

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.