Acunetix Premium - v12.0.181203110

New features

  • Deepscan has been updated to make use of Chromium (Windows only - already included in Linux)
  • Login Sequence Recorder has been updated to make use of Chromium (Windows only - already included in Linux)
  • Acunetix can now test APIs document using Swagger (Windows only - already included in Linux)
  • Introduced support for NTLM HTTP Authentication on Linux release (already included on Windows)
  • Introduced support for Kerberos HTTP Authentication (Windows only)

New vulnerability checks

  • A huge update increasing the detection of Stored XSS
  • New test for possible file creation using the HTTP PUT method
  • New test for Apache Tomcat Remote Code Execution Vulnerability (CVE-2017-12615)
  • New test for Ektron Content Management System (CMS) 9.20 SP2, remote re-enabling users (CVE-2018–12596)
  • New test for httpoxy vulnerability
  • New test checks if CouchDB REST API is publicly accessible
  • New test checks if CouchDB is vulnerable to Remote Privilege Escalation resulting in Remote Code Execution (CVE-2017-12635)
  • New test for Apache ActiveMQ default credentials
  • New test for Node.js Path validation vulnerability (CVE-2017-14849)
  • New test for GoAhead web server RCE via unsafe environment initialization of forked CGI scripts (CVE-2017-17562)
  • New test for publicly accessible Hadoop YARN ResourceManager WebUI
  • New test for jQuery-File-Upload <= v9.22.0 unauthenticated arbitrary file upload vulnerability
  • New test looks for Google Firebase Databases URLs in the response and checks if the Firebase Databases are accessible without authentication
  • New test for Oracle WebLogic Remote Code Execution vulnerability via T3 (CVE-2018-3245)
  • New test for Oracle WebLogic Authentication Bypass vulnerability (CVE-2018-2894)
  • New test checks if Jupyter Notebook is publicly accessible
  • New test for Apache Log4j socket receiver deserialization vulnerability
  • New test for NGINX range filter integer overflow (CVE-2017-7529)
  • New test for Xdebug remote code execution via xdebug.remote_connect_back
  • Numerous new checks for WordPress Core, WordPress plugins, Joomla Core and Drupal Core.

Updates

  • Numerous memory management improvements
  • Multiple updates to LSR and session detection improving scanning of restricted areas
  • Improved speed of SQL Injection vulnerability checks
  • The new LSR / Deepscan will improve support of JavaScript rich sites
  • Added mock geo-location support to support scanning sites that require geo-location
  • Improved analysis of XML and JSON

Fixes

  • Fixed scanner crash when scan was resumed from paused state
  • Fixed some issues in the handling of cookies
  • Custom cookies were not always used
  • Content-Type header was not always being sent. This affected the detection of some vulnerabilities
  • Fixed a false positive in SSL weak key length vulnerability check
  • Fixed issue in the Social Security Number and Credit Card number check
  • Fixed issue with AcuSensor download on Linux release
  • Fixed issue causing scans to be aborted when server returns an invalid charset
  • Fixed a number of other issues causing the scanner to close unexpectedly
  • Sensitive and Backup files were not being checked for in the site root
  • Fixed issue with jquery version extractor
  • Fixed 2 internally reported security issues
  • Fixed issue with re-installation of Linux installations