New Features and Vulnerability Tests
- Detection of Apache Struts 2 Showcase RCE (CVE-2017-9791)
- Check for .hgignore (Mercurial SCM configuration file)
- Check for Atlassian Confluence Stored XSS (CVE-2016-6283)
- Check for private key files with names based on ScanHost, e.g. "www.example.org.key", "example.org.key"
- Check for moment.js Denial of Service (CVE-2016-4055)
- Various updates to the WordPress and Joomla checks
- Introduction of Multi-Engine functionality for Enterprise customers
Improvements
- Updated the Database backup file checks
- Improved jQuery version fingerprinting
- Updated detection of HttpOnly and Secure cookie flags
- Updated default Target list sorting
Fixes
- Fixed XSS detection issue
- Minor fix to the allow_url_fopen enabled check
- Fixed F5 BIG-IP ASM WAF XML export
- Fixed an issue that prevented Acunetix from installing on Chinese OS