Acunetix Premium - v15.4.230222085

New features

• Improved the default roles.

New security checks

• Updated the WordPress plugin vulnerabilities.
• Updated the software composition analysis database.
• New security check for detection of ASP.NET core in the development mode.
• Added various checks for Content Security Policy misconfiguration.
• New security check for Oracle Web Applications Desktop Integrator unauthenticated takeover. (CVE-2022-21587)
• New security check for Deserialization RCE vulnerability in Oracle Access Manager OpenSSO Agent. (CVE-2021-35587)
• Updated the file extensions and parameter exclusions.
• New security check for F5 BIG-IP Cookie Remote Information Disclosure.
• New security check detecting retired hash functions usage in SAML.
• Improved the SQL injection check to identify whether the database user has admin privileges.

Improvements

• Added the Heuristic server-side routing detection to optimize attacks.
• Updated the embedded Chromium browser to v109.0.5414.119.
• Added the company name field to the registration process to Acunetix.
• Updated the issue tracker integrations to show the link to the relevant ticket created in those issue trackers.
• Updated the DISA STIG report to version 5.2.
• Improved the CSV importing link to limit the target limit to 500.
• Improved the scanner engine to reduce the memory footprint.
• Improved the .NET IAST sensor to mask any password.

Fixes

• Fixed the pagination bug on the Targets page.
• Fixed the crawler issue that the page becomes unresponsive when it contains many elements.
• Fixed the single-page application crawler to be consistent in the form submission.
• Fixed a notification bug that does not redirect users to the correct URL for the finished scan.
• Fixed the bug that does not refresh the user interface after the update.