New build checks for vulnerabilities in Apache products, ColdFusion, ACME mini_httpd and Spring Security
Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod_jk, ColdFusion, ACME mini_httpd and Spring Security. The new build also includes a number of updates and important fixes.
The new vulnerability checks, updates and fixes are available for both Windows and Linux.
New Vulnerability checks
- New test for Apache Solr XXE (CVE-2017-12629)
- New test for RCE in Spring Security OAuth (CVE-2016-4977)
- New test for Apache mod_jk access control bypass (CVE-2018-11759)
- New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)
- New test for ACME mini_httpd (web server) arbitrary file read (CVE-2018-18778)
- New test for OSGi Management Console Default Credentials
- New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641)
- New test for common misconfigurations in ColdFusion
- New test for AMF Deserialization RCE in ColdFusion (CVE-2017-3066)
- New test for JNDI injection in ColdFusion (CVE-2018-15957)
- New test for unauthenticated file uploading in ColdFusion (CVE-2018-15961)
- New WordPress / WordPress plugin vulnerability checks
Updates
- Improved the injection of payloads and other improvements in the handling of JSON data
- Updated Chromium to fix a Chromium vulnerability
- Improved web application detection
Fixes
- Corrected LSR launch message for Linux installations
- Fixed Update License issue on Internet Explorer
- Fixed several memory leaks/scanner closing unexpectedly
- Fixed issue affecting the processing of some content types
- Some cookies were being added multiple times during the scan
- Some redirects were not being correctly handled
- Some requests generated by the scanner incorrectly contained two slashes (‘//’)
- Fixed issue in the Backup Folders checks going out of scope
- Several minor fixes
Upgrade to the latest build
If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/ApehA-fjh9s/