Acunetix Premium - v13.0.200911154

New Features

• New Data Retention settings, providing the ability to:
  • Keep the last 3 scans for each target and archive previous scans
  • Delete archived scans which are older than 2 years
  • The above data retention settings are configurable
  • The above settings affect vulnerabilities detected, which are archived / deleted accordingly
• A default scan profile can be configured for each target
• Forgot Password option for Acunetix On premise, allowing users to reset their password - Email settings need to be configured
• Detect paths in JavaScript code via static method analysis
• Ability to retrieve links from several HTTP headers
• Scanner will try to auto-discover API definitions

New Vulnerability Checks

• New check for SAP NetWeaver RECON (CVE-2020-6287)
• New check for DNN (DotNetNuke) CMS Cookie Deserialization RCE (CVE-2017-9822)
• New check for Insecure Referrer Policy
• New check for Remote code execution of user-provided local names in Rails
• New check for Cisco Adaptive Security Appliance (ASA) Path Traversal (CVE-2020-3452)
• New check for Total.js Directory Traversal (CVE-2019-8903)
• New check for Envoy Metadata disclosure
• New checks for WordPress Core / Plugins / Themes, Drupal and Joomla vulnerabilities

Updates

• Vulnerabilities are now shown as grouped by Vulnerability Type and FQDNs
• Numerous improvements affecting vulnerability deduplication
• Deleted Targets will not be showing in the UI by default
• Malicious links detected will be highlighted in the vulnerability report
• Ability to scan all Targets in a Target Group
• Improved Swagger support implementation
• Updated backup files/folders and possible sensitive files checks to report alerts on parent of file detected
• Time zone can now be configured by each user account
• User accounts can now change UI to Chinese
• .NET Sensor updated to support .NET Core
• Updated Session Fixation vulnerability check to avoid possible False Positives
• Updated to Chromium v83

Fixes

• Fixed issue with offline activation
• Fixed a few crashes occurring on specific sites
• Fixed issue affecting AcuMonitor when scanning certain sites
• Various small UI fixes
• Fixed Target Deletion issue for Consult licenses
• Fixed: PDF report generation was failing in specific situations
• Fixed issue causing HTTP requests passing through a proxy to fail
• Fixed issue affecting relative HTTP redirects
• Fixed issue causing Manual Intervention not to work on Linux
• Fixed issue causing DeepScan to miss some DOMXSS vulnerabilities
• Fixed text overlapping issue in reports
• Fixed issue causing Telerik Web UI RadAsyncUpload Deserialization (CVE-2019-18935) to not always be detected
• Fixed: 'HTTP Strict Transport Security (HSTS) not implemented' and 'HTTP Strict Transport Security (HSTS) Best Practices' where using the same name
• Fixed: Sensitive files / directories checks were missing Attack details
• Fixed issue caused when sorting scans by target description
• fixed a few issues in the Login Sequence Recorder and Business Logic Recorder