New build adds detection of vulnerabilities in WordPress, Django, multiple Spring Framework and Atlassian products
Acunetix v12 (build 12.0.180619111) has been released. This new build introduces new vulnerability checks for WordPress, Django, multiple Spring Framework and Atlassian products. Below is a full list of updates.
New Features and Vulnerability tests
- Spring Data Commons RCE via Spring Expression Language (SpEL) injection (CVE-2018-1273)
- Atlassian OAuth Plugin IconUriServlet SSRF, affecting multiple Atlassian products (CVE-2017-9506)
- WordPress REST API User Enumeration
- Django Debug Mode via DisallowedHost
- Tests for PHP-FPM (FastCGI Process Manager) Status Page
- Check for common test CGI scripts that are leaking environment variables
- Check for Spring Boot Actuator information disclosure
- Check for RCE via Spring Boot WhiteLabel Error Page Spring Expression Language (SpEL) injection
- Atlassian Jira ManageFilters Information Disclosure
Fixes
- Crash dump was sometimes not being created
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/dLZZTh81vdk/