New update includes a new scanning algorithm, support for Spring Framework and new vulnerability checks for Ruby on Rails, Jira, Apache Tapestry, Golang, vBulletin, and others

Acunetix version 12 (build 12.0.191121158) has been released.

This new build introduces a new scanning algorithm that removes redundant scanning tasks. In addition, the scanning tasks are prioritized in a way that gives dissimilar locations higher scanning priority, improving the time to detect dissimilar vulnerabilities. The latest Acunetix update adds a good number of important vulnerability checks and includes various updates and fixes, which are available for all editions of Acunetix.

Here is the full set of updates:

New Features

• New scanning algorithm resulting in faster scans
• The scanner will give higher priority to locations that are dissimilar to ones that have already been scanned
• JAVA AcuSensor now supports the JAVA Spring Framework

New Vulnerability Checks

• New check for Ruby on Rails code injection
• New check for Perl code injection
• AcuMonitor can now detect OOB PHP evaluation of user input
• New check for prototype pollution
• New check for blind XSS via CSP report-uri
• New check for Jira Unauthorized SSRF via REST API
• New check for Apache Tapestry weak secret key
• New check for Oracle PeopleSoft SSO weak secret key
• New check for Yii2 weak secret key
• New check for Web2py weak secret key
• New check for Golang runtime profiling data
• New check for Adminer 4.6.2 file disclosure vulnerability
• New check for Apache mod_rewrite open redirect (CVE-2019-10098)
• New check for Flask weak secret key
• New check for Express express-session weak secret key
• New check for vBulletin 5.x 0day pre-auth RCE
• New check for argument injection
• New checks for WordPress core, WordPress plugins, and Joomla

Updates

• Deepscan is now caching static assets; this will result in faster scans
• Improved memory consumption by the scanner
• Improved processing of forms and form handling
• Improved detection of paths
• The scanner will now process commented-out HTML
• Updated command injection payloads

Fixes

• Fixed scanner crash
• Fixed WAF detection false positive
• Fixed: Check for sensitive files was accessing restricted links
• Fixed issue causing the scanner to multi-line session validation pattern
• Fixed: Some locations were incorrectly detected by DeepScan
• Fixed issue causing integrated LSR to close due to ad blocking
• Fixed issue with HAR import files
• Fixed issue in the detection of weak authentication credentials
• Fixed issue affecting the detection of DOM XSS vulnerabilities
• Fixed issue in the detection of a possible username and password disclosure
• Fixed issue with recording restricted links in Internet Explorer
• Fixed: Tech admin can now configure the engine to be used for a target
• Fixed issue affecting scanning of domains with international characters

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.

If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your Acunetix License Key to download and activate your product.

THE AUTHOR

Nicholas Sciberras
Principal Program Manager
LinkedIn

As the Principal Program Manager, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams, and provided technical training.