New Feature
- Acunetix WVS will alert the user if a web application firewall or IDS is detected
New Security Checks
- Added a security check for FCKeditor cross-site scripting vulnerability
- Added a test for Liferay JSON Auth Bypass
- Acunetix WVS now checks for Server Side Request Forgery
- Added several security checks for IBM Tivoli Access Manager Web Server vulnerabilities
- New security check for "Vulnerabilities in SharePoint Could Allow Elevation of Privilege" (MS12-050)
- Acunetix WVS now checks for several DotNetNuke vulnerabilities (popular ASP.NET CMS)
- Added a new security check for exposed Apache Solr Service
- Remote code execution tests for Umbraco ASP.NET CMS software
- Check for SWFUpload applet vulnerability in a large number of web applications
- Added security checks for user controllable scripts and charsets
Improvements
- Cross-site scripting (XSS) security checks were improved
- HTTP Verb Tampering security script now bruteforces common or sensitive files and directories
Bug Fixes
- Fixed: Incorrect handling of Internet Explorer’s JavaScript substr implementation
- Fixed: Login Sequence Recorder; ssl_write result was not handled correctly, resulting in data not rendering correctly
- Fixed: Display problem; alert/child count was not displayed correctly in some cases
- Fixed: Developer report was not showing long URLs in coverage report
- Fixed: Saved credentials were not persistent in general settings