v11.0.173131028 - 09 Nov 2017
New Features and Vulnerability Tests
- Added support for Selenium scripts as Target Import files
- Introduced various vulnerability checks for CMS Made Simple, including:
  - PHP Remote File Inclusion (RFI) in version 0.10 (CVE-2005-2846)
  - SQL Injection in version 1.0.5 and earlier (CVE-2007-2473)
  - Directory Traversal in version 1.8.1 and earlier (CVE-2010-2797)
  - Web Server Cache Poisoning in versions 2.1.3 and earlier and 1.12.2 and earlier (CVE-2016-2784)
  - Cross Site Request Forgery (CSRF) in version 2.1.6 and earlier (CVE-2016-7904)
  - Cross Site Scripting (XSS) in version 2.1.6 and earlier (CVE-2017-6555)
  - Cross Site Scripting (XSS) in version 2.1.6 (CVE-2017-6556)
  - Local File Inclusion in version 2.1.6 and earlier
Improvements
- Various minor UI updates
- Improved handling of aborted scans for Targets with Continuous scanning enabled
- Increased Custom Cookie size limit from 512 bytes to 10Kb (2Kb for Acunetix Online)
- Added new email templates
- Email notification now indicates if a scan has failed
- Multiple minor updates to the reports
- Updated the Error Message script to show full Java error messages
- Tech Admin role can now create and alter Scan types
Fixes
- Scan Comparison was incorrectly switching the order of the scans
- Scan Comparison was incorrectly comparing with Allowed host
- Fixed bug in the licensed user limit
- Fixed bug causing scans to fail when the LSR contains Unicode characters
- Multiple fixes in XML export
- Multiple fixes in F5 WAF rules export
- Fixed 2 minor security issues in web interface
- Two fixes for incorrect vulnerability counts in the Dashboard
- Fixed the retesting of vulnerabilities for Targets requiring manual intervention
- Fixed the Targets page incorrectly showing that a Target is being scanned after an ongoing scan is deleted