Acunetix Premium - v12.0.180611183

New Features and Vulnerability tests

  • Introduced system to automatically avoid testing similar pages
  • New check for Oracle Weblogic WLS-WSAT Component Deserialization RCE affecting versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.1.0 and 12.2.1.2.0 (CVE-2017-10271)
  • New check for PHPUnit RCE affecting versions 4.8.28 and 5.x before 5.6.3 (CVE-2017-9841)
  • New check for Edge Side Include Injection vulnerabilities
  • New check for Dotenv (.env and variants) files
  • New check for Joe Text Editor DEADJOE file
  • New check for Symfony configuration file
  • New check for Laravel (PHP framework) log files
  • New check for publicly accessible backup directory in Drupal Backup Migrate

Updates

  • Updated timeout and retries for HTTP requests done by some vulnerability checks
  • Updated Web Application Detection checks to make fewer HTTP requests, resulting in faster scans
  • Various minor updates to the UI
  • Improved parsing of robots.txt
  • Improved detection of default index files
  • Acunetix now shows the number of licensed Targets in the License section of the UI

Fixes

  • Some addresses were not parsed correctly, resulting in incorrect paths
  • Some addresses were not detected, resulting in missing paths
  • Some paths were being detected incorrectly
  • Scanner crash when allowed hosts are used
  • Scanner crash when parsing some pages
  • Scanner hang when crawling caused by DeepScan
  • No links parsed from pages without Content-Type header
  • Some vulnerability checks duplicated the query values
  • Sitemap was always being detected
  • Fixed validation issues in Security Settings > Account Lockout > Lockout timeout
  • License checks were failing for some installations