
Acunetix update introduces support for macOS Big Sur, support for ShadowRoot, improved CSRF token handling, and new vulnerability checks

A new Acunetix update has been released for Windows and Linux: 13.0.200911154, and macOS: 13.0.201217092.

This Acunetix update introduces support for macOS Big Sur and ShadowRoot, and includes a substantial improvement in the handling of CSRF tokens. It also introduces the detection of web cache poisoning DoS, client-side prototype pollution, and vulnerabilities in Zabbix, TYPO3, Oracle WebLogic, SAP IGS, Odoo, and Apache Unomi MVEL. In addition, there are numerous updates and fixes, all of which are available for all editions of Acunetix.

New Features

  • Big improvement of CSRF token handling
  • Added support for ShadowRoot
  • Added support for macOS Big Sur

New Vulnerability Checks

Updates

  • Updated the UI for the multi-engine system
  • Multiple updates to the PHP AcuSensor
  • Multiple updates to the Login Sequence Recorder
  • Scanning engine updated to support the use of a proxy server with NTLM authentication

Fixes

  • Fixed an issue that caused the browser to fail to launch on Kali
  • Fixed an issue that caused the "AcuSensor not found" message to not be displayed
  • Fixed a false positive in the following test: Zend Framework LFI via XXE
  • Fixed a false positive in the following test: directory traversal
  • Fixed a false positive in the following test: cookie(s) with missing, inconsistent, or contradictory properties
  • Fixed a false positive in the following test: Apache Struts2 remote command execution (S2-052)
  • Fixed an issue with highlighting of a vulnerability in a response
  • Fixed an issue in the following test: Slow Loris
  • Fixed an issue in the WADL importer
  • Fixed a crash in the scanner
  • Fixed minor issues in the Comprehensive Report
  • Fixed an issue causing Acunetix to lose license information

Upgrade to the Latest Build

If you are already using Acunetix build 13.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.

If you are using Acunetix build 12.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.

THE AUTHOR
Nicholas Sciberras
Chief Technical Officer

As the CTO at Acunetix, Nicholas is passionate about IT security and technology at large. Prior to joining Acunetix in 2012, Nicholas spent 12 years at GFI Software, where he managed the email security and anti-spam product lines, led multiple customer service teams and provided technical training.


*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Nicholas Sciberras. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/FgtE31N-Gbo/