Acunetix Premium - v24.8.240828144

New Features

• Added support for Apache Tomcat 11 in JAVA IAST sensor
• RAML API specs can now be uploaded to extend the coverage of API scanning → Learn more
• Implemented support for scanning HTTP/2 websites
• Runtime SCA findings are now available on the Scan Details page (Acunetix Online only, On-Premises coming soon)
• A new scan report for SCA is now available → Learn more

New Security Checks

• Next.js image Blind SSRF
• SolarWinds Web Help Desk RCE (CVE-2024-28986)
• Apache HTTP Server Confusion Attacks (CVE-2024-38472, CVE-2024-39573, CVE-2024-38477, CVE-2024-38476, CVE-2024-38475, CVE-2024-38474, CVE-2024-38473, CVE-2023-38709)
• Jelly Template Injection Vulnerability in ServiceNow UI Macros (CVE-2024-4879, CVE-2024-5217)
• SuiteCRM SQL Injection (CVE-2024-36412)
• Odoo XSS (CVE-2023-1434)
• Mura/Masa CMS JSON API RCE
• Lucee CF_CLIENT_ RCE
• Lucee Stacktrace Information Disclosure
• Lucee Unset Admin Password
• Updated WordPress plugins vulnerabilities database
• GeoServer RCE (CVE-2024-36401)

Improvements

• Minor cosmetic UI/UX issues have been addressed across the app
• Updated list of exposed web installers reported
• The Scan Details screen for reviewing scan results has been modernized and upgraded
• Improved testing of path fragments
• The agent status now shows 'Unknown' instead of 'Error' when the agent hasn't shared its status for some time
• API Discovery: Added the ability to start scans directly from the list of discovered and linked APIs
• API Discovery: Added functionality to change the base URL of an already linked API
• Updated scanner to handle security definitions within Swagger

Fixes

• Updated the scanner to use default scan speed settings when scan speed settings are missing
• Fixed a false positive in the detection of Possible Virtual Host Found
• Fixed a false positive in the detection of CVE-2024-6387