A new Acunetix update has been released for Windows, Linux, and macOS: 14.1.210316110.
This Acunetix update introduces web asset discovery, allowing Acunetix users to easily identify web assets that belong to their organization and might have been forgotten. In addition, the Acunetix UI now features a new FQDN page, making it easier to identify all the licensed targets, and multi-engine configuration is now easier than ever thanks to a number of enhancements. This update includes a number of important vulnerability checks for well-known applications, numerous updates, and fixes, all of which are available for all editions of Acunetix.
New Features
- Web asset discovery, allowing users to discover domains related to their organization or web assets already configured in Acunetix
- A new page showing all the target FQDNs that consume a target license
New Vulnerability Checks
- New test for the SonicWall SSL-VPN 8.0.0.0 RCE via ShellShock exploit
- New test for the Node.js debugger unauthorized access vulnerability
- New test for the Node.js inspector unauthorized access vulnerability
- New test for the Apache Shiro authentication bypass (CVE-2020-17523)
- New test for the reflected cross-site scripting (XSS) vulnerability in the PAN-OS management web interface (CVE-2020-2036)
- New test for the missing authentication check in SAP Solution Manager (CVE-2020-6207)
- New test for the VMware vCenter Server unauthorized remote code execution vulnerability (CVE-2021-21972)
- New test for the Delve debugger unauthorized access vulnerability
- New check for HTTP response splitting with cloud storage
- New tests for WordPress plugins
Updates
- Acunetix updated to fully support NTLM Authentication for proxy authentication
- Multiple LSR/BLR and DeepScan updates and fixes
- Updated Chromium to v88.0.4298.0
- Updated Postgres database to v13.2
- The Engines page has been updated to show the following:
  - Status (online or otherwise) for each engine
  - The build number for each engine
  - Any license issues are reported as part of the status for each engine
- Multi-engine setups will start to automatically update the engine-only installations when the main installation is updated
- The UI will reload after Acunetix is upgraded
- The "WAF Export" button has been renamed to "Export to", and the feature has been added to the Scans page
- Multiple updates to the Comprehensive report
- Proxy settings can now be specified for each issue tracker
- Updated JavaScript library audit check to cover libraries not hosted on the scanned target
- Users can now be created from the API
- Updated CORS check
Fixes
- Fixed a bug in the "Vulnerabilities in SharePoint could allow elevation of privilege" check
- Fixed an issue causing a check for updates to occasionally fail on macOS
- Fixed an issue causing the DOM XSS sink to not always be shown in the code extract displayed in the alert
- Fixed an issue resulting from using a custom collection in a TFS issue tracker configuration
- Fixed an issue in the WordPress XML-RPC pingback abuse check
- Fixed the DeepScan crash issue
- Fixed a false positive in the broken link hijacking check
- The vulnerability CSV export now includes the URL where the vulnerability was detected
Upgrade to the Latest Build
This update includes upgrades to the Postgres database. Windows users can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page. Linux and macOS users will need to download Acunetix from here and upgrade manually. Use your Acunetix license key to download and activate your product.
You can find more information on how to upgrade to Acunetix v14 here.