New build checks for vulnerabilities in Apache products, Coldfusion, ACME mini_httpd and Spring Security

Acunetix version 12 (build 12.0.181218140 – Windows and Linux) has been released. This new build checks for vulnerabilities in Apache Solr, Apache mod)jk, Coldfusion, ACME mini_httpd, Spring Security. The new build also includes a number of updates and important fixes.

The new vulnerability checks, updates and fixes are available for both Windows and Linux.

New Vulnerability checks

• New test for Apache Solr XXE (CVE-2017-12629)
• New test for RCE in Spring Security OAuth (CVE-2016-4977)
• New test for Apache mod_jk access control bypass (CVE-2018-11759)
• New test for Unauthenticated Stored XSS in WordPress Plugin WPML (CVE-2018-18069)
• New test for ACME mini_httpd (web server) arbitrary file read (CVE-2018-18778)
• New test for OSGi Management Console Default Credentials
• New test for Flex BlazeDS AMF Deserialization RCE (CVE-2017-5641)
• New test for common misconfigurations in ColdFusion
• New test for AMF Deserialization RCE in ColdFusion (CVE-2017-3066)
• New test for JNDI injection in ColdFusion (CVE-2018-15957)
• New test for unauthenticated File uploading in ColdFusion (CVE-2018-15961)
• New WordPress / WordPress plugin vulnerability checks

Updates

• Improved the injection of payloads and other improvements in the handling of JSON data
• Updated Chromium to fix Chromium vulnerability
• Improved web application detection

Fixes

• Corrected LSR launch message for Linux installations
• Fixed Update License issue on Internet Explorer
• Fixed several memory leaks/scanner closing unexpectedly
• Fixed issue affecting the processing of some content types
• Some cookies were being added multiple times during the scan
• Some redirects were not being correctly handled
• Some requests generated by the scanner incorrectly contained two backslashes (‘//’)
• Fixed issue in the Backup Folders checks going out of scope
• Several minor fixes

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you are using a previous version of Acunetix, you need to download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.