Acunetix Premium - v12.0.190827161

New Features

  • Implemented support for OpenSearch
  • Acunetix will try to discover hidden parameters and test them
  • Acunetix can now check base64 encoded JSON inputs for vulnerabilities

New Vulnerability Checks

  • New test for Oracle Business Intelligence Convert XXE (CVE-2019-2767)
  • New test for Oracle Business Intelligence Adfresource Path traversal (CVE-2019-2588)
  • New test for Oracle Business Intelligence AuthBypass (CVE-2019-2768)
  • New test for Oracle Business Intelligence ReportTemplateService XXE (CVE-2019-2616)
  • New test for Jira RCE (CVE-2019-11581)
  • New test for Test for Atlassian Crowd RCE (CVE-2019-11580)
  • New tests for Python Code Injection
  • New test for Apache Spark RCE [https://spark.apache.org/security.html] (CVE-2018-11770)
  • New test for ColdFusion Deserialization RCE (CVE-2019-7091)
  • Implemented support for OpenID Connect Discovery
  • Detect and report Apple application association files
  • Added new checks for WordPress plugins, Drupal core and Joomla core

Updates

  • Updated UI to accept IPv6 addresses
  • Multiple improvements to DeepScan
  • Improved the Directory Traversal check
  • Updated the scan limits, reducing repeated requests to larger sites
  • Acunetix will now extract and process gzipped files
  • Multiple updates to parsing and heuristic crawler features
  • Improved the vulnerability deduplication - similar vulnerabilities will be reported once
  • Improved reporting of the cause of scan failures (e.g. website is unresponsive, invalid import file etc)
  • Credentials provided to Auto-Login or LSR will not be used for vulnerability tests
  • Improved processing of Selenium scripts
  • Improved login form detection by Auto-Login feature
  • Improved WebLogic detection, and testing for default WebLogic credentials
  • Improved detection of Vulnerable JavaScript libraries check

Fixes

  • Fixed a number of issues causing the scanner to stop unexpectedly
  • Fixed issue causing AcuMonitor checks to be done when AcuMonitor is not enabled
  • Fixed issue with WSDL parsing
  • Fixed: Reflected tests (e.g. reflected XSS) was not done on JSON inputs
  • Fixed issue causing 100% CPU usage when processing certain pages
  • Fixed hang in the Acunetix Administrative Password utility on Windows
  • Fixed: DeepScan was not processing XHTML pages
  • Fixed issue causing Chromiumn process to remain active after PDF report generation
  • Fixed issue caused by background requests when recording a login sequence
  • Fixed issue when recording a login sequence on a site that uses cross-domain iframes
  • Fixed issue when parsing WADL
  • Fixed issue causing Host Header Attack false negatives