Acunetix 10 build includes security checks in CORS configurations, Rails web applications and identifies the vBulletin 5 RCE

Acunetix 10 (build 20151125) has been released. This new build checks for insecure DNS records, insecure CORS configurations, Rails web applications running in development mode, web applications running Tornado and Pyramid in debug mode and various new and updated vulnerability checks including one for vBulletin 5 RCE. Below is the full list of updates.

New Features

  • Added a test looking for insecure CORS configurations.
  • Added a test looking for CVE-2014-7829 – Arbitrary file existence disclosure in Action Pack.
  • Added a test looking for Rails application running in development mode.
  • Added a test looking for CVE-2015-7808 vBulletin 5 PreAuth RCE.
  • Added a test looking for Insecure DNS records
  • Added a test looking for Spring Boot Actuator
  • Added a test looking for Tornado Debug mode
  • Added a test looking for Pyramid Debug mode
  • Implemented PHP object deserialization of user-supplied data
  • Added a test looking for older versions of the ZeroClipboard SWF library that are vulnerable to a cross-site scripting vulnerability.

Improvements

  • Updated WordPress plugins and WordPress core checks.
  • Improved tests for possible sensitive directories and sensitive files.
  • Improved Apache Axis audit script.
  • Added a test for Java object deserialization of user-supplied data
  • Various improvements for XSS detection.
  • Improved HTML structural parser and added allow to robots.txt parser
  • Added support for WADL files when served using content-type application/vnd.sun.wadl+xml

Bug Fixes

  • Fixed crash cause during auto session detection.
  • Security fix for privilege escalation reported by security researcher Daniele Linguaglossa

How to Upgrade

If you are running Acunetix Web Vulnerability Scanner v10, you will be notified that a new build is available to download when you start the application. Navigate to the General > Program Updates node in the Tools explorer, click on Download and Install the new build.

If you are running Acunetix WVS v8 or v9, you should follow the upgrade instructions available in the “Upgrading from a previous version of Acunetix Web Vulnerability Scanner” in the Acunetix WVS user manual.

You can see the complete Acunetix WVS change log here. If you have any technical questions, feel free to email the Acunetix Support Team.

Share this post

Leave a Reply

Your email address will not be published.