A new Acunetix Premium update has been released for Windows, Linux, and macOS: 14.9.220713150
This Acunetix release introduces IAST support for WebSphere enabling the use of the Java IAST sensor (AcuSensor) with this Java server. In addition, Acunetix DeepScan has been updated to better scan single-page applications (SPAs), allowing for better identification of the APIs used by the web application. The Acunetix UI received additional updates, including the feature to copy the HTTP request used to identify a vulnerability to a cURL command. This Acunetix update also includes a number of new vulnerability checks, updates, improvements, and product fixes.
- Java IAST AcuSensor can now be used on WebSphere
- HTTP requests can be copied as cURL commands from the vulnerability data
New vulnerability checks
- New check for the DotCMS unrestricted file upload (CVE-2022-26352)
- New check for the.NET JSON.NET deserialization RCE
- New check for the unauthenticated RCE in Confluence Server and Data Center (CVE-2022-26134)
- New check for the authentication bypass via MongoDB operator injection
- Multiple DeepScan updates that improve crawling of single-page applications (SPAs)
- Upgraded Chromium to v103.0.5060.114
- Improved handling of installed.json by the PHP IAST AcuSensor
- SCA, AcuMonitor (OOB vulnerability checks), and URL malware checks now require Acunetix Online Services to be enabled in the user profile
- Updated the MongoDB injection checks
- Various UI updates and fixes
- Multiple fixes in the Java and .NET IAST AcuSensors
- Fixed a false negative in the Possible virtual host found check
- Fixed a bug causing CSRF tokens to be retrieved using HTTP
- Fixed a false positive in the Apache HTTP server source code disclosure check
Upgrade to the latest build
If you are already using Acunetix build 14.x, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > About page.
If you are using Acunetix build 13.x or earlier, you need to download Acunetix from here. Use your Acunetix license key to download and activate your product.
Get the latest content on web security
in your inbox each week.