New build introduces HTTP Responses in Alerts, adds manual intervention, vulnerability checks in Cisco ASA, Apache Tomcat

Acunetix v12 (build 12.0.180725167) has been released. This new build adds detection for vulnerabilities in Cisco ASA, Apache Tomcat, Altassian Jira, Spring, JBoss and misconfigured nginx installations. The new build also includes HTTP Responses in the vulnerability alerts, and re-introduces manual intervention in the Login Sequence Recorder and a good number of additional updates and fixes. Below is a full list of updates.

New Features

  • HTTP response is now shown for vulnerabilities detected (only affects new scans)
  • Manual Intervention has been implemented in v12.

New Vulnerability checks

  • Added detection of Java Object Deserialization vulnerabilities
  • Added detection for Cisco ASA Path Traversal (CVE-2018-0296)
  • Added tests for misconfigured nginx aliases that can lead to a path traversal
  • Added detection of Spring Security Authentication Bypass Vulnerability (CVE-2016-5007)
  • Added detection of weak/insecure permissions for Atlassian Jira REST interface
  • Added detection of Apache Tomcat Information Disclosure (CVE-2017-12616)
  • Added detection of Spring Data REST Remote Code Execution (CVE-2017-8046)
  • Added detection of Insecure Odoo Web Database Manager
  • Added detection of JBoss Remote Code Execution (CVE-2015-7501 and CVE-2017-7504)
  • Added detection of WebSphere Remote Code Execution (CVE-2015-7450)
  • Updated WordPress Plugin vulnerability detection.

Updates

  • Password is no longer required when configuring client certificate for a Target
  • Additional memory optimization
  • Scanner will now report when the LSR cannot login
  • Application Error Message vulnerability check updated to provide more details on the error
  • Reports, XML exports and WAF exports now use a more meaningful filename
  • Reports now show the status of a scan
  • Scan debug logs now include imported files
  • Increased maximum number of Issue Trackers that can be configured.

Fixes

  • Fixed multiple crashes while scanning
  • Scanner will now re-authenticate when website invalidates authentication during scan (applies to HTTP authentication only)
  • Scanner sometimes fails to decode LSR output, leading to an unauthenticated scan, now fixed
  • Fixed many issues causing vulnerabilities to be undetected or to be detected incorrectly
  • Two fixes affecting the setting of Cookies
  • Fixed issue in RSS parsing
  • Fields with certain characters in the name (such as $) were not being tested
  • Some out of scope paths were still being crawled
  • Fix in the Autologin
  • Upon upgrade, user is asked to “Logout from Other Session”: Fixed
  • Fixed Target and Vulnerabilities reports that were failing
  • Fixed recurrent scans for Standard licenses that were being disabled
  • Fixed some reports were generated without file extension.

Upgrade to the latest build

If you are already using Acunetix v12, you can initiate the automatic upgrade from the new build notification in the Acunetix UI > Settings page.
If you have not yet installed or upgraded to Acunetix v12, you may download Acunetix version 12 from here. Use your current Acunetix License Key to download and activate your product.

Share this post

Leave a Reply

Your email address will not be published.