Acunetix 360 On-Demand - v24.7.0
This update includes changes to the internal agents. The internal scan agent’s current version is 24.7.0. The internal authentication verifier agent’s current version is 24.7.0.
New Features
- Added custom headers for communication between Agents and AcuMonitor
- Added a warning message when creating scan targets for websites that do not have a hostname mapped to an IP address
New Security Checks
- Added detection for supply chain attacks through Polyfill JS
- Added detection for GeoServer SQLi (CVE-2023-25157)
- Added checks for various WordPress plugins
Improvements
- Improved Credit Card Disclosure Security Check
- Set the severity of 'Possible XSS' vulnerabilities to 'Informational'
- Improved various Sensitive Data Exposure security checks
- Improved detection of the Short SSL Key Length vulnerability
- Added capability to check for Sensitive Data in XML responses
Fixes
- Fixed missing Request Body content in vulnerability details
- Fixed an issue with the selection of agent groups
- Fixed an issue with the order in which internal agent scans are initiated
- Fixed an issue with the 'Ignore Certificate Errors' Agent setting for SSL Validation
- Fixed a download problem with PCI reports
- Fixed an issue with the SSO login that was causing incorrect redirects
- Removed references to 3.2 in the PCI DSS Compliance scan summary
- Fixed an issue with the Azure Boards integration reopening old vulnerabilities that do not link to active issues in Invicti Enterprise
- Fixed a timeout issue that was occurring on a prerequest script
- Fixed a problem in the JWT Engine to resolve a false positive issue
- Updated vulnerable OpenSSL libraries to secure versions
- Fixed a bug in the Checkout Logout Detection so that it now chooses the same verification agent as the verification process
- Fixed an issue related to the OTA app scan
- Fixed HTTP 413 responses resulting from nonce cookies stacking