An updated build of Acunetix WVS Version 6.5 has been released with a number of new security checks, improvements and bug fixes.

New security checks:

• 8.3 DOS filename source code disclosure
• Apache Tomcat Directory Host Appbase authentication bypass vulnerability
• Apache Tomcat WAR File directory traversal vulnerability
• Apache stronghold-info enabled
• Apache stronghold-status enabled
• ColdFusion 9 Solr Service exposed
• Error page path disclosure
• Error page web server version disclosure
• File inclusion RFI list
• Checks for multiple vulnerabilities in XAMPP
• Server-Side Includes (SSI) injection on Unix
• Server-Side Includes (SSI) injection on Windows
• ASP.NET error messages when requesting URL like |.aspx

Improvements:

• Added more variants to FCKeditor arbitrary file upload
• Updated cross site scripting in path security checks
• Updated directory listing security checks
• Updated directory traversal on Unix security checks
• Updated file upload security checks
• Updated LDAP injection security checks
• Updated possible sensitive files security checks
• Updated XPath injection security checks

Bug Fixes:

• Workaround for window.open used with NULL parameter
• Notify elements that they are unbidden
• Notify form if an input was removed
• Include select element values in submitted data
• Fixed: HttpProt was sending content length with CONNECT
• Fixed: Crawler didn’t consider post data for links from CSA engine; some where ignored
• Fixed: Login sequence recorder was sending requests synchronously

How to upgrade to build 20100203:

On starting up Acunetix WVS, a pop up window will automatically notify you that a more recent build is available for download.  To download the latest build, navigate to General > Program Updates node in the Tools explorer, and click on Download and Install new build.

Click here for the complete Acunetix WVS change log.

Contact us on support@acunetix.com for any technical queries, and on sales@acunetix.com for any sales queries.