Acunetix version 12 (build 12.0.181012141) has been released. This new build reports sites that do not implement Content Security Policy (CSP) or Subresource Integrity (SRI) and detects Node.js source disclosure, Ghostscript RCE, SSRF in Paperclip and other vulnerabilities. It also includes a good number of updates and some important fixes. Below is a full list of updates.
New Vulnerability Checks
- New check for Content Security Policy (CSP) not implemented
- New check for Subresource Integrity (SRI) not implemented
- New check for Node.js web application source code disclosure
- New check for Ghostscript RCE via file upload
- New check for Paperclip Server-Side Request Forgery (SSRF) via file upload (CVE-2017-0889)
- New check for WPEngine _wpeprivate/config.json information disclosure
- New check for Cross-site Scripting in HTTP-01 ACME challenge implementation
- New check for npm log file disclosure
- New check for PHP-CS-Fixer cache file disclosure
- Multiple new WordPress and Joomla vulnerability checks.
- License keys can now be updated via the Acunetix web UI
- Additional memory improvements
- Improved exclusion of parameters
- Multiple updates to existing vulnerability checks
- Improved CORS origin validation failure checks
- Improved Pickle Serialization check.
- Manual Intervention was not working after a paused scan was resumed
- Scans for some sites using Digest HTTP Authentication were stopping unexpectedly
- Additional fixes for issues causing scans to exit unexpectedly
- Fixed issue causing many product update requests when proxy authentication is incorrectly configured
- Fixed: Some backup files / folders were not being identified
- Fixed: Some vulnerabilities were incorrectly reported in the site root
- Fixed issue in similar page detection causing scans to take longer than expected
- Fixed issue causing valid sessions not to be identified correctly during the scan.
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/Owwvbcz6QLE/