v15.4.230222085 - 23 Feb 2023
Version 15 build 15.4.230222085 for Windows and Linux – 23 February 2023
New features
- Improved the default roles.
New security checks
- Updated the WordPress plugin vulnerabilities.
- Updated the software composition analysis database.
- New security check to detect ASP.NET Core running in development mode.
- Added various checks for Content Security Policy misconfiguration.
- New security check for Oracle Web Applications Desktop Integrator unauthenticated takeover (CVE-2022-21587).
- New security check for Deserialization RCE vulnerability in Oracle Access Manager OpenSSO Agent (CVE-2021-35587).
- Updated the file extensions and parameter exclusions.
- New security check for F5 BIG-IP Cookie Remote Information Disclosure.
- New security check detecting the use of retired hash functions in SAML.
- Improved the SQL injection check to identify whether the database user has admin privileges.
Improvements
- Added heuristic server-side routing detection to optimize attacks.
- Updated the embedded Chromium browser to v109.0.5414.119.
- Added the company name field to the Acunetix registration process.
- Updated the issue tracker integrations to show the link to the relevant ticket created in those issue trackers.
- Updated the DISA STIG report to version 5.2.
- Improved the CSV importing link to set the target limit to 500.
- Improved the scanner engine to reduce the memory footprint.
- Improved the .NET IAST sensor to mask any password.
Fixes
- Fixed the pagination bug on the Targets page.
- Fixed a crawler issue where the page became unresponsive when it contained many elements.
- Fixed the single-page application crawler to be consistent in form submission.
- Fixed a notification bug that did not redirect users to the correct URL for the finished scan.
- Fixed a bug where the user interface did not refresh after the update.