Acunetix Standard & Premium

Note: There will be no new updates of the MacOS on premise installations. MacOS users can switch to Acunetix Premium Online, or use Acunetix On Premise in a virtual environment or on Docker.

New Features

• Acunetix can now be installed on Redhat Enterprise Linux (RHEL) 9

New Vulnerability checks

• Added check for Permissions-Policy header
• Added check for unrestricted access to Karma monitoring interface
• Added check for Go web application binary disclosure

Updates

• SCA: Improved the detection of components used by JAVA web application
• Updated to Chromium v106.0.5249.61
• Updated PHP AcuSensor to better support web applications using the Slim Framework
• Improved support for HTTP calls from Axios
• Updated CWE Top 25 Most Dangerous Software Weaknesses to 2022 list of weaknesses
• Scan results and scan reports will include the Acunetix version used to conduct the scan
• Updated PHP sensor to report MongoDB injection
• Updated PHP sensor to report Server-side Template Injection (SSTI)
• Increased the detection of default GraphQL Introspection URLs
• Implemented heartbeat for connections between scanner and AcuSensor bridge
• Multiple DeepScan updates
• Improved the auditing of JavaScript Libraries

Fixes

• Fixed issue which might cause Blind SSRF in the Issue Tracker and Proxy configuration
• Fixed 3 authorization problems
• Fixed memory exhaustion bug in Heuristic Links Verifier
• Fixed: Malware was being reported when invalid / unknown malware was reported by Windows Defender
• Fixed some crashes in the scanner
• Updated Network scans to not abort if initial ICMP ping fails
• Fixed error when sending vulnerabilities to Jira Issue Tracker
• Fixed UI error when filtering vulnerabilities by time

New Features

• Added support for the Zend Framework in the PHP IAST AcuSensor

New Vulnerability Checks

• New check for Oracle E-Business Suite iStore open user registration
• New check for InfluxDB Unauthorized Access Vulnerability
• New check for Bonita Authorization Bypass (CVE-2022-25237)
• New check for Oracle ADF Faces ‘Miracle’ RCE (CVE-2022-21445)

Updates

• Various DeepScan Improvements
• Updated to Chromium 104.0.5112.101 (Linux) / 104.0.5112.102 (Windows)
• Improved XSS in URI (folder/file)
• Improved handling of SourceMaps
• Updated exposed web installers check
• Updated exposed development files check
• Updated exposed monitoring systems check

Fixes

• Fixed issue in the PHP IAST AcuSensor when reporting SCA components
• Fixed scanner crash

Fixes

• Fixed issue when using Acunetix on Amazon Linux 2

New Features

• JAVA IAST sensor now supports JBoss, Jetty and Wildfly JAVA Severs
• Improved support for Servlet3 and Jersey JAVA Frameworks

New Vulnerability Checks

• New IAST checks for Expression Language Injection
• New IAST checks for Hibernate Query Injection
• New test for Apache OFBiz Log4Shell RCE (CVE-2021-44228)
• New WordPress plugin checks
• New / updated JavaScript Audit checks

Updates

• Various UI improvements
• Improved detection of Directory Traversal vulnerabilities
• Improved detection of Directory Listing vulnerabilities
• Improved detection of development files
• Several improvements to LSR / DeepScan

Fixes

• Fixed issue causing some vulnerabilities detected by AcuSensor not to show as AcuSensor verified
• Fixed issue causing routes to not be listed by JAVA IAST sensor
• Fixed 2 issues in Target CSV import
• Fixed issue causing SCA not to be done on JAVA Spring boot web applications
• Fixed issue causing some checks not to be executed on cookies with Secure flag