Acunetix v12 (build 12.0.180611183) has been released. This new build introduces new vulnerability checks for Oracle Weblogic, PHPUnit, Edge Side Include Injection and other vulnerabilities. The new build also includes a good number of updates and several important fixes. Below is a full list of updates.
New Features and Vulnerability tests
- Introduced system to automatically avoid testing similar pages
- New check for Oracle Weblogic WLS-WSAT Component Deserialization RCE affecting versions 10.3.6.0.0, 126.96.36.199.0, 188.8.131.52.0 and 184.108.40.206.0 (CVE-2017-10271)
- New check for PHPUnit RCE affecting versions 4.8.28 and 5.x before 5.6.3 (CVE-2017-9841)
- New check for Edge Side Include Injection vulnerabilities
- New check for Dotenv (.env and variants) files
- New check for Joe Text Editor DEADJOE file
- New check for Symfony configuration file
- New check for Laravel (PHP framework) log files
- New check for publicly accessible backup directory in Drupal Backup Migrate.
- Updated timeout and retries for HTTP requests done by some vulnerability checks
- Updated Web Application Detection checks to make less HTTP requests resulting in faster scans
- Various minor updates to the UI
- Improved parsing of robots.txt
- Improved detection of default index files
- Acunetix now shows the number of licensed Targets in the License section of the UI.
- Some addresses were not parsed correctly, resulting in incorrect paths
- Some addresses were not detected, resulting in missing paths
- Some paths were being detected incorrectly
- Scanner crash when allowed hosts are used
- Scanner crash when parsing some pages
- Scanner hang when crawling caused by DeepScan
- No links parsed from pages without Content-Type header
- Some vulnerability checks duplicated the query values
- Sitemap was always being detected
- Fixed validation issues in Security Settings > Account Lockout > Lockout timeout
- License checks was failing for some installations.
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you have not yet installed or upgraded to Acunetix v12, you may download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/WTa-FvYD5Tw/