Acunetix Premium - v14.6.211207099

New Features

• Scanner supports detecting HTTP/2 vulnerabilities

New Vulnerability Checks

• New check for Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF)
• New check for HTTP/2 pseudo-header server-side request forgery
• New check for Web Cache Poisoning DoS through HTTP/2 headers
• New check for HTTP/2 Web Cache Poisoning
• New check for Ghost CMS Theme Preview XSS (CVE-2021-29484)
• New check for GitLab ExifTool RCE (CVE-2021-22205)
• New check for Limited Remote File Read/Include in Jira Software Server (CVE-2021-26086)
• New check for Sitecore XP Deserialization RCE (CVE-2021-42237)

Updates

• Improved handling of Laravel CSRF tokens
• Added possibility to restrict scanning a Target using the Main Installation’s scanning engine
• Added ability to configure blocking of requests to Ad services
• Multiple UI updates
• Multiple DeepScan updates
• Multiple updates to the PHP AcuSensor

Fixes

• Fixed: SQLi false negative caused when AcuSensor is installed
• Fixed: Incremental scans not starting when scheduled via Jenkins plugin
• Fixed: 2 issues in .NET sensor injector CLI
• Fixed: Node.js sensor not working on https sites
• Fixed: Not all paths are importing from specific Burp state file
• Fixed: Scanner crashes when parsing specific GraphQL and Swagger 2 files
• Fixed: Specific excluded paths can cause the scanner to hang
• Fixed: multiple scanner hangs
• Fixed: Race condition between LSR and BLR
• Fixed: Imported urls ignored when site redirects from http to https
• Fixed: Incorrect permissions for some Acunetix files / folders on Linux / Mac