Acunetix version 12 (build 12.0.180911134) has been released. This new build adds two new AcuMonitor checks, detection of Web Cache Poisoning, Apache Struts RCE, URL rewrite vulnerabilities and Drupal Core Open Redirect. This new build has a good number of updates and some important fixes. Below is a full list of updates.
New Vulnerability Checks
- Added detection for Apache Struts Remote Code Execution (S2-057) (CVE-2018-11776)
- Added detection for URL rewrite vulnerability due to legacy header support (CVE-2018-14773)
- Added detection for Web Cache Poisoning
- Added detection of HTTP (non-SSL) origin accessing HTTPS resource
- Added detection of Yii2 Framework’s development extensions
- Added detection for Cross-Origin Resource Sharing (CORS) origin validation failure
- Added detection for Drupal Core Open Redirect
- Added detection for Python pickle serialization
- New AcuMonitor Test – Detection of Reverse Proxy Misrouting (SSRF)
- New AcuMonitor Test – Detection of Attacks on Auxiliary Systems (SSRF)
- New vulnerability checks for multiple WordPress plugins and Joomla Core.
- Multiple updates to the SSL checks
- Various memory optimizations
- Fewer requests required to verify AcuMonitor checks.
- Fixed bug in testing of cookie values
- Fixed memory issues, causing some scans to exit unexpectedly
- Fixed bug causing some scans to crash when paused and resumed
- Fixed issue causing some scans to be aborted immediately because of error status on initial response
- Fixed issue causing some locations to get omitted from site structure
- Multiple fixes to import file feature
- Fixed issue that caused DeepScan not to use all cookies
- Custom headers were added twice on redirect
- Fixed issue affecting some sites using SSO.
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/FA_PK6Z4I1k/