Changelogs

Acunetix Standard & Premium

v15.1 - 10 Nov 2022

New features

  • New navigation menu for a better user experience.
  • Notification updates are shown for the last 30 days.

New vulnerability checks

  • New check for Swagger UI DOM XSS vulnerability.
  • New test for Fortinet Authentication bypass on the administrative interface (CVE-2022-40684).
  • New test for Insecure...

    Updates

    • Updated the embedded Chromium browser to v107.0.5304.87/88.
    • Updated how scans reaching max scan time are displayed in UI.
    • Updated Issue Tracker UI to accept internal URLs.
    • Improved Log4J checks to reduce false positives.

    Fixes

    • Fixed the issue causing the IAST bridge to fail to send responses to the sensor when large packets are received from the sensor.
    • Added loopback routes that returned ‘undefined’ as an HTTP method.
    • Added a keep-alive message between AcuSensor and the web application scanner to keep the connection alive.

    v15.0.221007170 - 13 Oct 2022

    Version 15 build 15.0.221007170 for Windows and Linux – 13th October 2022

    Note: There will be no new updates for macOS on-premise installations. macOS users can switch to Acunetix Premium Online, or use Acunetix On Premise in a virtual environment or on Docker.

    New Features

    New Vulnerability checks

    • Added check for Permissions-Policy header
    • Added check for unrestricted access to Karma monitoring interface
    • Added check for Go web application binary disclosure

    Updates

    • SCA: Improved the detection of components used by JAVA web applications
    • Updated to Chromium v106.0.5249.61
    • Updated PHP AcuSensor to better support web applications using the Slim Framework
    • Improved support for HTTP calls from Axios
    • Updated CWE Top 25 Most Dangerous Software Weaknesses to 2022 list of weaknesses
    • Scan results and scan reports will include the Acunetix version used to conduct the scan
    • Updated PHP sensor to report MongoDB injection
    • Updated PHP sensor to report Server-side Template Injection (SSTI)
    • Increased the detection of default GraphQL Introspection URLs
    • Implemented heartbeat for connections between scanner and AcuSensor bridge
    • Multiple DeepScan updates
    • Improved the auditing of JavaScript Libraries

    Fixes

    • Fixed issue which might cause Blind SSRF in the Issue Tracker and Proxy configuration
    • Fixed 3 authorization problems
    • Fixed memory exhaustion bug in Heuristic Links Verifier
    • Fixed: Malware was being reported when invalid / unknown malware was reported by Windows Defender
    • Fixed some crashes in the scanner
    • Updated Network scans to not abort if initial ICMP ping fails
    • Fixed error when sending vulnerabilities to Jira Issue Tracker
    • Fixed UI error when filtering vulnerabilities by time

    v14.9.220913107 - 14 Sep 2022

    Version 14 build 14.9.220913107 for Windows, Linux and macOS – 14th September 2022

    Updates

    • Updated to Chromium 105.0.5195.102

    Fixes

    • Fixed DeepScan issue

    v14.9.220830118 - 30 Aug 2022

    Version 14 build 14.9.220830118 for Windows, Linux and macOS – 30th August 2022

    New Features

    • Added support for the Zend Framework in the PHP IAST AcuSensor

    New Vulnerability Checks

    Updates

    • Various DeepScan Improvements
    • Updated to Chromium 104.0.5112.101 (Linux) / 104.0.5112.102 (Windows)
    • Improved XSS in URI (folder/file)
    • Improved handling of SourceMaps
    • Updated exposed web installers check
    • Updated exposed development files check
    • Updated exposed monitoring systems check

    Fixes

    • Fixed issue in the PHP IAST AcuSensor when reporting SCA components
    • Fixed scanner crash

    v14.9.220713150 - 14 Jul 2022

    Version 14 build 14.9.220713150 for Windows, Linux and macOS – 14th July 2022

    New features

    • JAVA IAST AcuSensor can now be used on WebSphere
    • HTTP requests can be copied as Curl command from the vulnerability data

    New vulnerability checks

    Updates

    • Multiple DeepScan updates improving crawling of Single Page Applications (SPAs)
    • Upgraded Chromium to v103.0.5060.114
    • Improved handling of installed.json by PHP IAST AcuSensor
    • SCA, AcuMonitor (OOB vulnerability checks) and URL malware checks now require the “Acunetix Online Services” to be enabled in the user profile
    • Updated the MongoDB Injection checks
    • Various UI updates and fixes

    Fixes

    • Multiple fixes in the JAVA and .NET IAST AcuSensors
    • Fixed false negative in “Possible virtual host found”
    • Fixed bug causing CSRF tokens to be retrieved using HTTP
    • Fixed false positive in “Apache HTTP Server Source Code Disclosure”

    v14.8.220610146 - 13 Jun 2022

    Version 14 build 14.8.220610146 for Linux (only) – 13th June 2022

    Fixes

    • Fixed issue when using Acunetix on Amazon Linux 2

    v14.8.220519149 - 23 May 2022

    Version 14 build 14.8.220519149 for Windows, Linux and macOS – 23rd May 2022

    New Features

    • JAVA IAST sensor now supports JBoss, Jetty and Wildfly JAVA Servers
    • Improved support for Servlet3 and Jersey JAVA Frameworks

    New Vulnerability Checks

    Updates

    • Various UI improvements
    • Improved detection of Directory Traversal vulnerabilities
    • Improved detection of Directory Listing vulnerabilities
    • Improved detection of development files
    • Several improvements to LSR / DeepScan

    Fixes

    • Fixed issue causing some vulnerabilities detected by AcuSensor not to show as AcuSensor verified
    • Fixed issue causing routes to not be listed by JAVA IAST sensor
    • Fixed 2 issues in Target CSV import
    • Fixed issue causing SCA not to be done on JAVA Spring boot web applications
    • Fixed issue causing some checks not to be executed on cookies with Secure flag

    v14.7.220425114 - 26 Apr 2022

    Version 14 build 14.7.220425114 for Windows, Linux and macOS – 26th April 2022

    Updates

    • Upgraded Chromium to v100.0.4896.127