Changelogs

Acunetix Standard & Premium

v12.0.180801120 - 01 Aug 2018

Version 12 (build 12.0.180801120) - 1st August 2018

Fixes

  • Fixed the detection of some DOMXSS variants
  • Fixed scanner crash

v12.0.180725167 - 26 Jul 2018

Version 12 (build 12.0.180725167) - 26th July 2018

New Features

  • HTTP response is now shown for vulnerabilities detected (only affects new scans)
  • Manual Intervention has been implemented in v12

New Vulnerability checks

  • Added detection of Java Object Deserialization vulnerabilities
  • Added detection for Cisco ASA Path Traversal (CVE-2018-0296)
  • Added tests for misconfigured nginx aliases that can lead to a path traversal
  • Added detection of Spring Security Authentication Bypass Vulnerability (CVE-2016-5007)
  • Added detection of weak/insecure permissions for Atlassian Jira REST interface
  • Added detection of Apache Tomcat Information Disclosure (CVE-2017-12616)
  • Added detection of Spring Data REST Remote Code Execution (CVE-2017-8046)
  • Added detection of Insecure Odoo Web Database Manager
  • Added detection of JBoss Remote Code Execution (CVE-2015-7501 and CVE-2017-7504)
  • Added detection of WebSphere Remote Code Execution (CVE-2015-7450)
  • Updated WordPress Plugin vulnerability detection

Updates

  • Password is no longer required when configuring client certificate for a Target
  • Additional memory optimizations
  • Scanner will now report when the LSR cannot login
  • Application Error Message vulnerability check updated to provide more details on the error
  • Reports, XML exports and WAF exports now use a more meaningful filename
  • Reports now show the status of a scan
  • Scan debug logs now include imported files
  • Increased the maximum number of issue trackers that can be configured

Fixes

  • Multiple crashes while scanning
  • Scanner will now re-authenticate when website invalidates authentication during scan (applies to HTTP authentication only)
  • Scanner sometimes fails to decode LSR output, leading to an unauthenticated scan
  • Fixed many issues causing vulnerabilities not to be detected or to be detected incorrectly
  • Two fixes affecting the setting of Cookies
  • Fixed issue in RSS parsing
  • Fields with certain characters in the name (such as $) were not being tested
  • Some out of scope paths were still being crawled
  • Fix in the Autologin
  • Upon upgrade, user is asked to “Logout from Other Session”
  • Target and Vulnerabilities reports were failing
  • Recurrent scans for Standard licenses were being disabled
  • Some reports were generated without a file extension

v12.0.180709159 - 09 Jul 2018

Version 12 (build 12.0.180709159) – 9th July 2018

New Features and Vulnerability tests

Updates

  • Scanner will automatically continue scanning when HTTP redirects to HTTPS
  • Improvement in memory usage
  • Acunetix will now hand over DNS resolution to Proxy Server when configured
  • Improved messaging during installation

Fixes

  • Scanner crash in DeepScan
  • Scanner hang when certain LSR files are used
  • Incomplete scans in certain situations, such as when using import files

v12.0.180628131 - 28 Jun 2018

Version 12 (build 12.0.180628131) – 28th June 2018

New Features and Vulnerability tests

Fixes

  • Fixed issue with NTLM HTTP Authentication
  • Fixed issue causing some pages not to load correctly in the LSR
  • Fixed 2 false positives for “User controllable charset” and “User controllable script source”
  • Fixed issue in handling HAR import files

v12.0.180619111 - 19 Jun 2018

Version 12 (build 12.0.180619111) – 19th June 2018

New Features and Vulnerability tests

Fixes

  • Crash dump was sometimes not being created

v12.0.180615105 - 15 Jun 2018

Version 12 (build 12.0.180615105) – 15th June 2018

Updates

  • More improvements to Web Application Detection
  • Reports now show if a scan has failed

Fixes

  • Scanner was not parsing all AcuSensor data, causing some vulnerabilities not to be reported when AcuSensor is used
  • Some requests to HTTPS sites were being downgraded to HTTP

v12.0.180611183 - 11 Jun 2018

Version 12 (build 12.0.180611183) – 11th June 2018

New Features and Vulnerability tests

  • Introduced system to automatically avoid testing similar pages
  • New check for Oracle Weblogic WLS-WSAT Component Deserialization RCE affecting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0 (CVE-2017-10271)
  • New check for PHPUnit RCE affecting versions 4.8.28 and 5.x before 5.6.3 (CVE-2017-9841)
  • New check for Edge Side Include Injection vulnerabilities
  • New check for Dotenv (.env and variants) files
  • New check for Joe Text Editor DEADJOE file
  • New check for Symfony configuration file
  • New check for Laravel (PHP framework) log files
  • New check for publicly accessible backup directory in Drupal Backup Migrate

Updates

  • Updated timeout and retries for HTTP requests done by some vulnerability checks
  • Updated Web Application Detection checks to make fewer HTTP requests, resulting in faster scans
  • Various minor updates to the UI
  • Improved parsing of robots.txt
  • Improved detection of default index files
  • Acunetix now shows the number of licensed Targets in the License section of the UI

Fixes

  • Some addresses were not parsed correctly, resulting in incorrect paths
  • Some addresses were not detected, resulting in missing paths
  • Some paths were being detected incorrectly
  • Scanner crash when allowed hosts are used
  • Scanner crash when parsing some pages
  • Scanner hang when crawling caused by DeepScan
  • No links parsed from pages without Content-Type header
  • Some vulnerability checks duplicated the query values
  • Sitemap was always being detected
  • Fixed validation issues in Security Settings > Account Lockout > Lockout timeout
  • License checks were failing for some installations

v12.0.180521161 - 22 May 2018

Version 12 (build 12.0.180521161) – 22nd May 2018

Updates

  • DeepScan has been updated to ignore images, resulting in faster scans

Fixes

  • Excluded paths not taken into consideration
  • Parts of the scan were not using the Custom 404
  • Some paths were not identified correctly

v12.0.180517125 - 17 May 2018

Version 12 (build 12.0.180517125) – 17th May 2018

New Features and Vulnerability tests

Updates

  • Updated detection of Drupal installations
  • Changed to a more moderate definition of a Target for licensing purposes
  • Number of Targets and Users configured are now shown in the UI > Licensing section
  • UI now shows if the latest build is being used, and allows the user to check for updates manually

Fixes

  • Multiple updates and fixes to the HTML parser
  • Multiple updates and fixes to the Acunetix UI
  • Auto-login was making unnecessary requests
  • Some vulnerabilities were showing ‘null’ URL
  • Data from AcuSensor was not being interpreted correctly
  • Account lockout settings were not being saved
  • Fixed a scanner issue that caused some vulnerability checks not to work
  • Some vulnerability checks making unnecessary requests
  • Some vulnerability details were not being encoded correctly
  • Custom 404 detection was not working
  • Fix in AcuMonitor affecting some tests
  • DeepScan was not correctly interpreting paths containing a dot