A new Acunetix update has been released for Windows, Linux, and macOS: 14.2.210503151.
This Acunetix update introduces Docker support, a new Scan Statistics page that is shown for each scan, and the ability to send vulnerability information to the AWS WAF. Customers who send vulnerabilities to their issue tracker can now manage them better because the Acunetix UI shows the issue tracker ID. In addition, issue trackers can now be restricted to specific target groups, which lets specific users send vulnerability information to specific issue trackers. This update includes a number of important vulnerability checks for well-known applications, as well as numerous updates and fixes, all of which are available for all editions of Acunetix.
New features
- Acunetix is now available on Docker
- New Scan Statistics page for each scan
- Vulnerability information can now be sent to the AWS WAF
New vulnerability checks
- New check for HashiCorp Consul API accessible without authentication
- Multiple new checks for unrestricted access to a monitoring system
- Improvements to JavaScript library audit checks
- New check for Cisco RV series authentication bypass (CVE-2021-1472)
- New check for ntopng authentication bypass (CVE-2021-28073)
- New check for Agentejo Cockpit CMS reset password NoSQLi (CVE-2020-35847)
- New check for AppWeb authentication bypass (CVE-2018-8715)
- New check for Apache OFBiz SOAPService deserialization RCE (CVE-2021-26295)
- New check for F5 iControl REST unauthenticated remote command execution vulnerability (CVE-2021-22986)
- New check for Python debugger unauthorized access vulnerability
- New check for virtual host locations misconfiguration
- New check for request smuggling
Updates
- You can now select full rows and columns on the Excluded Hours page
- Updated UI with new Acunetix branding
- The issue tracker ID will be shown for vulnerabilities sent to any issue tracker
- Issue trackers can now be restricted to a specific target group
- The target description will be sent to the issue trackers
- Updated Jira integration to support Jira version 9
- Multiple updates to the Java AcuSensor
- The scanning engine will now test cookies on pages that do not have any inputs
- The scanner will stop testing cookies that have been found to be vulnerable
- Where possible, DOM XSS vulnerabilities will show the code snippet of the vulnerable JavaScript call
- CSV export will now show the target address
- The maximum size for a custom cookie configured for a target has been increased to 4096 characters
- New date filter on the Vulnerabilities page
- Vulnerability severity now shows text in addition to a color-coded icon
- Multiple updates to the LSR
- Added support for the BaseUrl / global variables in Postman import files
Fixes
- Fixed extra CR in target CSV export
- Fixed DeepScan crash
- Fixed: Discovery options are only shown to users with Access All Targets permission
- Fixed: Existing user’s details shown when adding a new user
- Fixed a scanner crash
- Fixed: Blind XSS check is now part of the XSS scanning profile
- Fixed: AcuMonitor checks were not performed when scan was done using an engine-only installation
- Fixed an issue causing AcuMonitor not to be registered when using an authenticated proxy
- Fixed an issue when loading vulnerabilities for a target group
- Fixed an issue with the Postman importer
- Fixed a sporadic issue when checking for new Acunetix updates on macOS
- Fixed an issue in the WP XMLRPC pingback check
Upgrade to the latest build
If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.
If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.