Acunetix Premium - v12.0.180725167

New Features

  • HTTP response is now shown for vulnerabilities detected (only affects new scans)
  • Manual Intervention has been implemented in v12

New Vulnerability checks

  • Added detection of Java Object Deserialization vulnerabilities
  • Added detection for Cisco ASA Path Traversal (CVE-2018-0296)
  • Added tests for misconfigured nginx aliases that can lead to a path traversal
  • Added detection of Spring Security Authentication Bypass Vulnerability (CVE-2016-5007)
  • Added detection of weak/insecure permissions for Atlassian Jira REST interface
  • Added detection of Apache Tomcat Information Disclosure (CVE-2017-12616)
  • Added detection of Spring Data REST Remote Code Execution (CVE-2017-8046)
  • Added detection of Insecure Odoo Web Database Manager
  • Added detection of JBoss Remote Code Execution (CVE-2015-7501 and CVE-2017-7504)
  • Added detection of WebSphere Remote Code Execution (CVE-2015-7450)
  • Updated WordPress Plugin vulnerability detection

Updates

  • Password is no longer required when configuring a client certificate for a Target
  • Additional memory optimizations
  • Scanner will now report when the LSR cannot log in
  • Application Error Message vulnerability check updated to provide more details on the error
  • Reports, XML exports and WAF exports now use a more meaningful filename
  • Reports now show the status of a scan
  • Scan debug logs now include imported files
  • Increased the maximum number of issue trackers that can be configured

Fixes

  • Fixed multiple crashes while scanning
  • Scanner will now re-authenticate when website invalidates authentication during scan (applies to HTTP authentication only)
  • Scanner sometimes failed to decode LSR output, leading to an unauthenticated scan
  • Fixed many issues causing vulnerabilities not to be detected or to be detected incorrectly
  • Two fixes affecting the setting of Cookies
  • Fixed an issue in RSS parsing
  • Fields with certain characters in the name (such as $) were not being tested
  • Some out of scope paths were still being crawled
  • Fixed an issue in the Autologin
  • Upon upgrade, the user is asked to "Logout from Other Session"
  • Target and Vulnerabilities reports were failing
  • Recurrent scans for Standard licenses were being disabled
  • Some reports were generated without a file extension