Acunetix WVS Build History

Build v7.0.20111005 - 5th October 2011

New Features:

  • The Client Script Analyzer engine now supports jQuery, jQuery UI, and YUI Library
  • New URL Rewrite option: Match full URI. When enabled, a URL rewrite rule can be matched against the whole URI and not just the path

Improvements:

  • Major AcuSensor improvements for PHP
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes:

  • Login Sequence Recorder uses the specified Proxy settings correctly

Build v7.0.20110920 - 20th September 2011

New Security Check:

  • Security check for Apache httpd remote denial of service

Improvements:

  • Firefox plugin now supports Firefox v.6
  • Inclusion of more variables discovered by AcuSensor during a scan

Bug Fixes:

  • Fixed HTTP verb tampering security checks with further reduction of false positives
  • Paths edited in HTTP Authentication settings node are being saved correctly
  • Actions menu is appearing correctly in the Small Business Edition

Build v7.0.20110823 - 23rd August 2011

New Security Checks:

  • Complex security check for Timthumb (detects WordPress installations and checks for vulnerable plugins and themes)
  • Includes brute-forcing capabilities to look for plugins/themes that contain the Timthumb script
  • Security check for Sun/Oracle GlassFish Server Authentication Bypass (same check includes some additional checks for GlassFish)

Updates:

  • Updated Firefox plugin to support Firefox 5

Bug Fix:

  • Fixed an enumeration problem while parsing a WSDL with inputs that have a lot of possible values.

Build v7.0.20110711 - 17th July 2011

New Feature:

  • Included IMAGE tag with source in crawler for more detailed crawling data.

Improvements:

  • Improved Cross-site scripting checks.
  • Introduced a number of improvements in the Client Script Analyzer (CSA) module for better Web 2.0 crawling.

Bug Fixes:

  • Fixed crash in Login Sequence Recorder when accessing specific sites with frames.
  • Fixed Access Violation in Fuzzer when the XML filetype is selected and an invalid filename is set.
  • Fixed issue when authenticating against websites using Digest and NTLM.
  • Fixed a file browser crash when visualizing a file during scanning.
  • Fixed a crash when loading saved scans from specific websites.
  • Corrected interpretation of HTML encoding in Crawler.
  • Fixed Access Violation in Fuzzer

Build v7.0.20110518 - 18th May 2011

Bug Fixes:

  • Fixed an issue where the AcuSensor Technology files were updated incorrectly.
  • Fixed Access Violation when scan is stopped.
  • Fixed incorrect user interface behaviour.

Build v7.0.20110406 - 6th April 2011

New feature:

  • AcuSensor details are now exported in the report as well.

Bug Fixes:

  • Fixed a bug in cross domain check script.
  • Fixed 2 crashes in the scanner software.
  • Fixed a bug in DOM XSS security check.

Build v7.0.20110308 - 8th March 2011

New features:

  • Acunetix WVS will parse the file structure of SVN repositories and crawl it automatically

New security checks:

  • ClientAccessPolicy.xml and CrossDomain.xml security checks
  • Git repository security checks
  • Check if htaccess file is readable
  • Nginx PHP Code Execution via FastCGI
  • Nginx buffer underflow vulnerability
  • Nginx PHP FastCGI Code Execution File Upload.

Improvement:

Bug fixes:

  • Maximum directory depth value was not working properly
  • HTTP limitations were not respected from scripts
  • When scanning a domain with subdomains, in some cases multiple scans were created for the same subdomain
  • Proper handling of situations where a file redirects to itself from HTTP to HTTPS.

Build v7.0.20110209 - 9th February 2011

New features:

  • PCI 2.0 compliance report template
  • CWE/SANS Top 25 compliance report template

Improvement:

  • Input fields now support wildcards and priorities (read the section Traversing Web Form Pages in the Acunetix WVS user manual for more information)

Bug fix:

  • Fixed: access violation in Client Script analyzer engine

Build v7.0.20110124 - 24th January 2011

New features:

  • New type of XSS test introduced (parameter was set to javascript:...)

Bug fixes:

  • Fixed: Scanner crash when scanning https sites with client certificates.
  • Fixed: A number of particular checks were not performed when scanning from crawl results.
  • Fixed: Login Sequence Recorder: different user agent string was sent with XHR.
  • Fixed: Reports were not sent as attachments when scanning a list of URLs from the Scheduler.
  • Fixed: Incorrect error message popup in Scheduler ("there is already a queue starting at that time") when the queues were of different types.
  • Fixed: Crawler MaximumVariationCount was being ignored in the scanner settings.
  • Fixed: eval() security check moved from scanner to crawler.
  • Fixed: Aborting of analysis while executing events in CSA engine not always working.
  • Fixed: CSA engine "Worker already executing" exception.
  • Fixed: In XML or AVDL export CDATA content is no longer encoded.