Acunetix v12 (build 12.0.180821106) has been released. This new build adds checks for vulnerabilities in Liferay, Apache Shiro, RichFaces, Telerik and Tomcat. The new build also includes a number of updates and fixes. Below is a full list of updates.
New Vulnerability checks
- Detection of Liferay TunnelServlet Deserialization Remote Code Execution
- Detection of Liferay XMLRPC Blind SSRF
- Detection of older versions of Liferay
- Detection of publicly writable Amazon S3 Buckets
- Detection of Apache Shiro Deserialization RCE
- Detection of RichFaces EL Injection RCE
- Detection of Spring JSONP enabled by default in MappingJackson2JsonView (CVE-2018-11040)
- Detection of Spring Webflow SPEL RCE (CVE-2017-4971)
- Detection of Telerik Web UI Cryptographic Weakness
- Detection of Rails Sprockets Path Traversal Vulnerability (CVE-2018-3760)
- Detection of Tomcat path traversal via reverse proxy mapping
- New Vulnerability checks for WordPress and Drupal.
- Reduced the number of requests required for Web Application Detection
- Improved the JSON and the Generic document parser
- Improved handling of non-responsive sites.
- Fixed a few infrequent crashes
- Fixed Malware link checking vulnerability test
- Fixed issue causing scan to be aborted on redirect to different FQDN for login
- Fixed issue causing Scan Comparison reports to fail
- Fixed issue causing the scanner not to crawl certain HTTPs sites correctly when using proxy.
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you have not yet installed or upgraded to Acunetix v12, you may download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/0h5JVCf7-8E/