Acunetix Premium - v14.7.220228146

New Features

• .NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
• Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
• Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
• Added support for CodeIgnitor framework in PHP IAST Sensor (AcuSensor)
• Added support for Symphony framework in PHP IAST Sensor (AcuSensor)
• Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
• Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
• Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
• Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
• Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)

New Vulnerability Checks

• Acunetix has been updated to detect the following vulnerabilities using IAST:
  • LDAP Injection
  • Unsafe Reflection of Untrusted Data
  • XPath Injection
  • Email Header Injection
  • Deserialization of Untrusted Data
  • MongoDB Injection
  • Server-side template injection (SSTI)
  • Server-side request forgery (SSRF)
  • Acunetix IAST (AcuSensor) has been updated to detect over 30 new server-side misconfigurations across all sensors
• New check for Magento Config File Disclosure
• New check for BillQuick Web Suite SQL injection (CVE-2021-42258)
• New check for Apache Airflow Experimental API Auth Bypass (CVE-2020-13927)
• New check for Apache Airflow default credentials
• New check for Apache Airflow Exposed configuration
• New check for Apache Airflow Unauthorized Access Vulnerability
• New check for GoCD information disclosure (CVE-2021-43287)
• New check for Grafana Plugin Dir Traversal (CVE-2021-43798)
• New check for NodeBB Arbitrary JSON File Read (CVE-2021-43788)
• New check for ManageEngine Desktop Central Deserialization RCE (CVE-2020–10189)
• New check for SolarWinds Orion API Auth bypass (CVE-2020-10148)
• New check for Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
• New check for VMware vCenter vcavbootstrap Arbitrary File Read
• New check for Pentaho API Auth bypass (CVE-2021-31602)
• New check for Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
• New check for VMware vCenter Log4Shell RCE
• New check for VMware Horizon Log4Shell RCE
• New check for MobileIron Log4Shell RCE
• New check for Ubiquiti Unifi Log4Shell RCE
• New check for Apache OFBiz Log4Shell RCE
• New check for Apache Struts2 Log4Shell RCE
• New check for Apache Solr Log4Shell RCE
• New check for Apache JSPWiki Log4Shell RCE
• New WordPress Core and WordPress plugins checks

Updates

• IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
  • Arbitrary File Creation
  • Directory Traversal
  • SQL Injection
  • Remote Code Execution
• Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
• Considerable update to the handling of CSRF tokens
• The Vulnerabilities page now includes a unique Vulnerability ID
• Multiple UI updates
• Multiple DeepScan updates

Fixes

• Fixed issue with Gitlab issue types not showing in UI
• Fixed issue with Amazon AWS WAF export
• Fixed several scanner crashes
• Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
• Fixed issue with Node.js IAST AcuSensor causing web application to stop working
• Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
• Fixed timeout issue causing IAST data not to reach the Acunetix scanner