v14.7.220329162 - 30 Mar 2022

Version 14 build 14.7.220329162 for Windows, Linux and macOS – 30th March 2022

Updates
- Upgraded Chromium to v99.0.4844.84

v14.7.220322147 - 28 Mar 2022

Version 14 build 14.7.220322147 for Windows, Linux and macOS – 28th March 2022

New Vulnerability Checks
- Test for Ghost CMS Theme Preview XSS (CVE-2021-29484)

Updates
- Engines page in UI now shows the number of Targets bound to a scanning engine
- Vulnerabilities page in UI shows the Target Tracker Issue Id when the vulnerability is sent to an Issue Tracker
- Upgraded Chromium to v99.0.4844.0
- JWT audit checks are now done on GET / POST parameters

Fixes
- Fixed several Scanner crashes
- Numerous UI updates / fixes
- Fixed error when configuring GitHub Issue Trackers
- Numerous fixes related to CSRF token management
- Better handling of imported URLs that are excluded in LSR
- Fixed issue causing pre-request scripts to be renamed, causing import scripts to fail to be loaded

v14.7.220228146 - 01 Mar 2022

Version 14 build 14.7.220228146 for Windows, Linux and macOS – 1st March 2022

New Features
- .NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
- Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
- Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
- Added support for CodeIgniter framework in PHP IAST Sensor (AcuSensor)
- Added support for Symfony framework in PHP IAST Sensor (AcuSensor)
- Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
- Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
- Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
- Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
- Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)

New Vulnerability Checks
- Acunetix has been updated to detect the following vulnerabilities using IAST:
  - LDAP Injection
  - Unsafe Reflection of Untrusted Data
  - XPath Injection
  - Email Header Injection
  - Deserialization of Untrusted Data
  - MongoDB Injection
  - Server-side template injection (SSTI)
  - Server-side request forgery (SSRF)
- Acunetix IAST (AcuSensor) has been updated to detect over 30 new server-side misconfigurations across all sensors
- New check for Magento Config File Disclosure
- New check for BillQuick Web Suite SQL injection (CVE-2021-42258)
- New check for Apache Airflow Experimental API Auth Bypass (CVE-2020-13927)
- New check for Apache Airflow default credentials
- New check for Apache Airflow Exposed configuration
- New check for Apache Airflow Unauthorized Access Vulnerability
- New check for GoCD information disclosure (CVE-2021-43287)
- New check for Grafana Plugin Dir Traversal (CVE-2021-43798)
- New check for NodeBB Arbitrary JSON File Read (CVE-2021-43788)
- New check for ManageEngine Desktop Central Deserialization RCE (CVE-2020-10189)
- New check for SolarWinds Orion API Auth bypass (CVE-2020-10148)
- New check for Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
- New check for VMware vCenter vcavbootstrap Arbitrary File Read
- New check for Pentaho API Auth bypass (CVE-2021-31602)
- New check for Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
- New check for VMware vCenter Log4Shell RCE
- New check for VMware Horizon Log4Shell RCE
- New check for MobileIron Log4Shell RCE
- New check for Ubiquiti Unifi Log4Shell RCE
- New check for Apache OFBiz Log4Shell RCE
- New check for Apache Struts2 Log4Shell RCE
- New check for Apache Solr Log4Shell RCE
- New check for Apache JSPWiki Log4Shell RCE
- New WordPress Core and WordPress plugins checks

Updates
- IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
  - Arbitrary File Creation
  - Directory Traversal
  - SQL Injection
  - Remote Code Execution
- Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
- Considerable update to the handling of CSRF tokens
- The Vulnerabilities page now includes a unique Vulnerability ID
- Multiple UI updates
- Multiple DeepScan updates

Fixes
- Fixed issue with GitLab issue types not showing in UI
- Fixed issue with Amazon AWS WAF export
- Fixed several scanner crashes
- Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
- Fixed issue with Node.js IAST AcuSensor causing web application to stop working
- Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
- Fixed timeout issue causing IAST data not to reach the Acunetix scanner

v14.6.220117111 - 18 Jan 2022

Version 14 build 14.6.220117111 for Windows, Linux and macOS – 18th January 2022

Updates
- Updated Python binaries to v3.8.10
- Updated WordPress plugin and WordPress core vulnerability checks

v14.6.211220100 - 20 Dec 2021

Version 14 build 14.6.211220100 for Windows, Linux and macOS – 20th December 2021

New Vulnerability Checks
- Apache Log4j RCE vulnerability check updated to detect blind (delayed) instances of the vulnerability

v14.6.211215172 - 16 Dec 2021

Version 14 build 14.6.211215172 for Windows, Linux and macOS – 16th December 2021

New Vulnerability Checks
- Apache Log4j RCE vulnerability check updated to detect the vulnerability in web server exceptions
- Apache Log4j RCE vulnerability check updated to execute on various HTTP Headers

Updates
- Updated the scanner to test custom headers used by the web application

v14.6.211213163 - 13 Dec 2021

Version 14 build 14.6.211213163 for Windows, Linux and macOS – 13th December 2021

New Vulnerability Checks
- New check for Apache Log4j RCE (CVE-2021-44228)

v14.6.211207099 - 07 Dec 2021

Version 14 build 14.6.211207099 for Windows, Linux and macOS – 7th December 2021

New Features
- Scanner supports detecting HTTP/2 vulnerabilities

New Vulnerability Checks
- New check for Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
- New check for HTTP/2 pseudo-header server-side request forgery
- New check for Web Cache Poisoning DoS through HTTP/2 headers
- New check for HTTP/2 Web Cache Poisoning
- New check for Ghost CMS Theme Preview XSS (CVE-2021-29484)
- New check for GitLab ExifTool RCE (CVE-2021-22205)
- New check for Limited Remote File Read/Include in Jira Software Server (CVE-2021-26086)
- New check for Sitecore XP Deserialization RCE (CVE-2021-42237)

Updates
- Improved handling of Laravel CSRF tokens
- Added possibility to restrict scanning a Target using the Main Installation’s scanning engine
- Added ability to configure blocking of requests to Ad services
- Multiple UI updates
- Multiple DeepScan updates
- Multiple updates to the PHP AcuSensor

Fixes
- Fixed: SQLi false negative caused when AcuSensor is installed
- Fixed: Incremental scans not starting when scheduled via Jenkins plugin
- Fixed: 2 issues in .NET sensor injector CLI
- Fixed: Node.js sensor not working on https sites
- Fixed: Not all paths are importing from specific Burp state file
- Fixed: Scanner crashes when parsing specific GraphQL and Swagger 2 files
- Fixed: Specific excluded paths can cause the scanner to hang
- Fixed: Multiple scanner hangs
- Fixed: Race condition between LSR and BLR
- Fixed: Imported URLs ignored when site redirects from http to https
- Fixed: Incorrect permissions for some Acunetix files / folders on Linux / Mac

v14.5.211115146 - 16 Nov 2021

Version 14 build 14.5.211115146 for Windows, Linux and macOS – 16th November 2021

New Features
- New OWASP Top 10 2021 compliance report
- JAVA AcuSensor now supports JDK 11

New Vulnerability Checks
- New check for GitLab ExifTool RCE (CVE-2021-22205)
- New check for Sitecore XP Deserialization RCE (CVE-2021-42237)

Fixes
- Fixed issue causing hang in scanner
- Fixed issue causing some vulnerabilities not to be detected when AcuSensor is enabled and not installed on the web application