Acunetix Premium Release Notes

v14.8.220519149 - 23 May 2022

Copy Link Copy Link

Version 14 build 14.8.220519149 for Windows, Linux and macOS – 23rd May 2022

New Features

JAVA IAST sensor now supports JBoss, Jetty and Wildfly JAVA Severs
Improved support for Servlet3 and Jersey JAVA Frameworks

New Vulnerability Checks

New IAST checks for Expression Language Injection
New IAST checks for Hibernate Query Injection
New test for Apache OFBiz Log4Shell RCE (CVE-2021-44228)
New WordPress plugin checks
New / updated JavaScript Audit checks

Updates

Various UI improvements
Improved detection of Directory Traversal vulnerabilities
Improved detection of Directory Listing vulnerabilities
Improved detection of development files
Several improvements to LSR / DeepScan

Fixes

Fixed issue causing some vulnerabilities detected by AcuSensor not to show as AcuSensor verified
Fixed issue causing routes to not be listed by JAVA IAST sensor
Fixed 2 issues in Target CSV import
Fixed issue causing SCA not to be done on JAVA Spring boot web applications
Fixed issue causing some checks not to be executed on cookies with Secure flag

v14.7.220425114 - 26 Apr 2022

Copy Link Copy Link

Version 14 build 14.7.220425114 for Windows, Linux and macOS – 26th April 2022

Updates

Upgraded Chromium to v100.0.4896.127

v14.7.220401065 - 01 Apr 2022

Copy Link Copy Link

Version 14 build 14.7.220401065 for Windows, Linux and macOS – 1st April 2022

New Vulnerability checks

Test for Spring4Shell vulnerability (CVE-2022-22965)

v14.7.220329162 - 30 Mar 2022

Copy Link Copy Link

Version 14 build 14.7.220329162 for Windows, Linux and macOS – 30th March 2022

Updates

Upgraded Chromium to v99.0.4844.84

v14.7.220322147 - 28 Mar 2022

Copy Link Copy Link

Version 14 build 14.7.220322147 for Windows, Linux and macOS – 28th March 2022

New Vulnerability checks

Test for host CMS Theme Preview XSS (CVE-2021-29484)

Updates

Engines page in UI now shows the number of Targets bound to a scanning engine
Vulnerabilities page in UI shows the Target Tracker Issue Id when the vulnerability is sent to an Issue Tracker
Upgraded Chromium to v99.0.4844.0
JWT audit checks are now done on GET / POST parameters

Fixes

Fixed several Scanner crashes
Numerous UI updates / fixes
Fixed error when configuring GitHub Issue Trackers
Numerous fixes related to CSRF token management
Better handling of imported URLs that are excluded in LSR
fixed issue causing pre-request scripts to be renamed, causing import scripts not to fail to be loaded

v14.7.220228146 - 01 Mar 2022

Copy Link Copy Link

Version 14 build 14.7.220228146 for Windows, Linux and macOS – 1st March 2022

New Features

.NET IAST Sensor (AcuSensor) can now be installed on .NET Core v3 and v5 on Windows (with Kestrel server)
Acunetix Scanner updated to support Routes for frameworks supported by the IAST sensors (AcuSensor)
Added support for Laravel framework in PHP IAST Sensor (AcuSensor)
Added support for CodeIgnitor framework in PHP IAST Sensor (AcuSensor)
Added support for Symphony framework in PHP IAST Sensor (AcuSensor)
Added support for ASP.NET MVC in .NET Core IAST Sensor (AcuSensor)
Added support for Razor Pages in .NET Core in .NET IAST Sensor (AcuSensor)
Added support for Web API in .NET Framework and .NET Core IAST Sensors (AcuSensor)
Added support for Spring MVC in JAVA IAST Sensor (AcuSensor)
Added support for Spring Struts2 in JAVA IAST Sensor (AcuSensor)

New Vulnerability Checks

Acunetix has been updated to detect the following vulnerabilities using IAST:
- LDAP Injection
- Unsafe Reflection of Untrusted Data
- XPath Injection
- Email Header Injection
- Deserialization of Untrusted Data
- MongoDB Injection
- Server-side template injection (SSTI)
- Server-side request forgery (SSRF)
- Acunetix IAST (AcuSensor) has been updated to detect over 30 new server-side misconfigurations across all sensors
New check for Magento Config File Disclosure
New check for BillQuick Web Suite SQL injection (CVE-2021-42258)
New check for Apache Airflow Experimental API Auth Bypass (CVE-2020-13927)
New check for Apache Airflow default credentials
New check for Apache Airflow Exposed configuration
New check for Apache Airflow Unauthorized Access Vulnerability
New check for GoCD information disclosure (CVE-2021-43287)
New check for Grafana Plugin Dir Traversal (CVE-2021-43798)
New check for NodeBB Arbitrary JSON File Read (CVE-2021-43788)
New check for ManageEngine Desktop Central Deserialization RCE (CVE-2020–10189)
New check for SolarWinds Orion API Auth bypass (CVE-2020-10148)
New check for Citrix ADC NetScaler Local File Inclusion (CVE-2020-8193)
New check for VMware vCenter vcavbootstrap Arbitrary File Read
New check for Pentaho API Auth bypass (CVE-2021-31602)
New check for Sonicwall SMA 100 Unintended proxy (CVE-2021-20042)
New check for VMware vCenter Log4Shell RCE
New check for VMware Horizon Log4Shell RCE
New check for MobileIron Log4Shell RCE
New check for Ubiquiti Unifi Log4Shell RCE
New check for Apache OFBiz Log4Shell RCE
New check for Apache Struts2 Log4Shell RCE
New check for Apache Solr Log4Shell RCE
New check for Apache JSPWiki Log4Shell RCE
New WordPress Core and WordPress plugins checks

Updates

IAST Sensors (AcuSensor) capabilities have been updated to improve the detection of:
- Arbitrary File Creation
- Directory Traversal
- SQL Injection
- Remote Code Execution
Acunetix will start reporting when an old version of the IAST Sensor (AcuSensor) is installed on the web application
Considerable update to the handling of CSRF tokens
The Vulnerabilities page now includes a unique Vulnerability ID
Multiple UI updates
Multiple DeepScan updates

Fixes

Fixed issue with Gitlab issue types not showing in UI
Fixed issue with Amazon AWS WAF export
Fixed several scanner crashes
Fixed issue with .NET IAST AcuSensor not working on IIS prior to version 10
Fixed issue with Node.js IAST AcuSensor causing web application to stop working
Fixed ordering issue caused in PDF Comprehensive reports for multiple scans
Fixed timeout issue causing IAST data not to reach the Acunetix scanner

v14.6.220117111 - 18 Jan 2022

Copy Link Copy Link

Version 14 build 14.6.220117111 for Windows, Linux and macOS – 18th January 2022

Updates

Updated Python binaries to v3.8.10
Updated WordPress plugin and WordPress core vulnerability checks

v14.6.211220100 - 20 Dec 2021

Copy Link Copy Link

Version 14 build 14.6.211220100 for Windows, Linux and macOS – 20th December 2021

New Vulnerability Checks

Apache Log4j RCE vulnerability check updated to detect blind (delayed) instances of the vulnerability

v14.6.211215172 - 16 Dec 2021

Copy Link Copy Link

Version 14 build 14.6.211215172 for Windows, Linux and macOS – 16th December 2021

New Vulnerability Checks

Apache Log4j RCE vulnerability check updated to detect the vulnerability in web server exceptions
Apache Log4j RCE vulnerability check updated to execute on various HTTP Headers

Updates

Updated the scanner to test custom headers used by the web application

Acunetix Standard & Premium

New Features

New Vulnerability Checks

Updates

Fixes

Updates

New Vulnerability checks

Updates

New Vulnerability checks

Updates

Fixes

New Features

New Vulnerability Checks

Updates

Fixes

Updates

New Vulnerability Checks

New Vulnerability Checks

Updates